On Tue, Jan 9, 2018 at 2:23 PM, Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
> On Tue, Jan 09, 2018 at 01:59:04PM -0800, Dan Williams wrote:
>> > Right, but what's the purpose of preventing speculation past
>> > access_ok()?
>>
>> Caution. It's the same rationale for the nospec_array_ptr() patches.
>> If we, kernel community, can identify any possible speculation past a
>> bounds check we should inject a speculation mitigation. Unless there's
>> a way to be 100% certain that the first unwanted speculation can be
>> turned into a gadget later on in the instruction stream, err on the
>> side of shutting it down early.
>
> I'm all for being cautious. The nospec_array_ptr() patches are fine,
> and they make sense in light of the variant 1 CVE.
>
> But that still doesn't answer my question. I haven't seen *any*
> rationale for this patch. It would be helpful to at least describe
> what's being protected against, even if it's hypothetical. How can we
> review it if the commit log doesn't describe its purpose?

Certainly the changelog needs improvement, I'll roll these concerns into
v2 and we can go from there.