| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Feb 2018 15:53:14 +0100 (CET)
From: Thomas Gleixner <tglx@...utronix.de>
To: Dan Williams <dan.j.williams@...el.com>
cc: Rasmus Villemoes <rasmus.villemoes@...vas.dk>,
LKML <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
David Woodhouse <dwmw@...zon.co.uk>,
Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] posix-timers: Protect posix clock array access against
speculation
On Thu, 15 Feb 2018, Dan Williams wrote:
> On Thu, Feb 15, 2018 at 6:05 AM, Rasmus Villemoes
> <rasmus.villemoes@...vas.dk> wrote:
> > (2) The line "if (id >= ARRAY_SIZE(posix_clocks) || !posix_clocks[id])"
> > still seems to allow speculatively accessing posix_clocks[id]. Is that
> > ok, and even if so, wouldn't it be cleaner to elide the
> > !posix_clocks[id] check and just return the NULL safely fetched from the
> > array in the following line?
>
> Right, this looks broken. I would expect:
Indeed. Missed that.
> if (id >= ARRAY_SIZE(posix_clocks))
> return NULL;
> idx = array_index_nospec(idx, ARRAY_SIZE(posix_clocks));
> if (!posix_clocks[idx])
> return NULL;
> return posix_clocks[idx];
The !posix_clocks[idx] check is pointless and always was.
if (id >= ARRAY_SIZE(posix_clocks))
return NULL;
idx = array_index_nospec(idx, ARRAY_SIZE(posix_clocks));
return posix_clocks[idx];
is sufficient. It returns NULL for !posix_clocks[idx] anyway.
Thanks,
tglx
Powered by blists - more mailing lists