Re: [PATCH v2 17/19] qla2xxx: prevent bounds-check bypass via speculative execution
- Date: Thu, 11 Jan 2018 21:38:18 -0800
- From: Dan Williams <dan.j.williams@xxxxxxxxx>
- Subject: Re: [PATCH v2 17/19] qla2xxx: prevent bounds-check bypass via speculative execution
On Thu, Jan 11, 2018 at 5:19 PM, James Bottomley
<jejb@xxxxxxxxxxxxxxxxxx> wrote:
> On Thu, 2018-01-11 at 16:47 -0800, Dan Williams wrote:
>> Static analysis reports that 'handle' may be a user controlled value
>> that is used as a data dependency to read 'sp' from the
>> 'req->outstanding_cmds' array.
>
> Greg already told you it comes from hardware, specifically the hardware
> response queue. If you don't believe him, I can confirm it's quite
> definitely all copied from the iomem where the mailbox response is, so
> it can't be a user controlled value (well, unless the user has some
> influence over the firmware of the qla2xxx controller, which probably
> means you have other things to worry about than speculative information
> leaks).
I do believe him, and I still submitted this. I'm trying to probe at
the meta question of where do we draw the line with these especially
when it costs us relatively little to apply a few line patch? We fix
theoretical lockdep races, why not theoretical data leak paths?