On Thu, Jan 11, 2018 at 5:19 PM, James Bottomley <jejb@xxxxxxxxxxxxxxxxxx> wrote: > On Thu, 2018-01-11 at 16:47 -0800, Dan Williams wrote: >> Static analysis reports that 'handle' may be a user controlled value >> that is used as a data dependency to read 'sp' from the >> 'req->outstanding_cmds' array. > > Greg already told you it comes from hardware, specifically the hardware > response queue. If you don't believe him, I can confirm it's quite > definitely all copied from the iomem where the mailbox response is, so > it can't be a user controlled value (well, unless the user has some > influence over the firmware of the qla2xxx controller, which probably > means you have other things to worry about than speculative information > leaks). I do believe him, and I still submitted this. I'm trying to probe at the meta question of where do we draw the line with these especially when it costs us relatively little to apply a few line patch? We fix theoretical lockdep races, why not theoretical data leak paths?
