| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Mar 2018 10:13:48 -0800
From: Dan Williams <dan.j.williams@...el.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Rasmus Villemoes <rasmus.villemoes@...vas.dk>,
LKML <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
David Woodhouse <dwmw@...zon.co.uk>,
Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [PATCH V2] posix-timers: Protect posix clock array access against speculation
On Thu, Feb 15, 2018 at 9:01 AM, Peter Zijlstra <peterz@...radead.org> wrote:
> On Thu, Feb 15, 2018 at 05:21:55PM +0100, Thomas Gleixner wrote:
>> The clockid argument of clockid_to_kclock() comes straight from user space
>> via various syscalls and is used as index into the posix_clocks array.
>>
>> Protect it against spectre v1 array out of bounds speculation. Remove the
>> redundant check for !posix_clock[id] as this is another source for
>> speculation and does not provide any advantage over the return
>> posix_clock[id] path which returns NULL in that case anyway.
>>
>> Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
>> Cc: stable@...r.kernel.org
>
> Acked-by: Peter Zijlstra (Intel) <peterz@...radead.org>
>
Curious where this ended up, I don't see it on tip/master. In any event:
Acked-by: Dan Williams <dan.j.williams@...el.com>
Powered by blists - more mailing lists