On 18/09/19 15:59, Will Deacon wrote: > Okey doke, as long as it gets fixed! My minor concerns with the error-checking > variant are: > > * Whether or not you need a READ_ONCE to prevent the compiler potentially > reloading 'ring->last' after validation Yes, it certainly needs READ_ONCE. I had already added it locally, indeed. > * Whether or not this could be part of a spectre-v1 gadget I think not, the spectrev1 gadget require a load that is indexed from the contents of ring->coalesced_mmio[insert], but there's none. Paolo > so, given that I don't think the malicious host deserves an error code if it > starts writing the 'last' index, I went with the "obviously safe" version. > But up to you. > > Will >
