On Fri, Jan 05, 2018 at 05:10:48PM -0800, Dan Williams wrote: > Static analysis reports that 'handle' may be a user controlled value > that is used as a data dependency to read 'sp' from the > 'req->outstanding_cmds' array. In order to avoid potential leaks of > kernel memory values, block speculative execution of the instruction > stream that could issue reads based on an invalid value of 'sp'. In this > case 'sp' is directly dereferenced later in the function. I'm pretty sure that 'handle' comes from the hardware, not from userspace, from what I can tell here. If we want to start auditing __iomem data sources, great! But that's a bigger task, and one I don't think we are ready to tackle... thanks, greg k-h
