On 05/19/2018 02:04 AM, Greg Kroah-Hartman wrote:
Greg, I've been talking with Dan Williams (intel) about this kind of issues [1] and it seems my original assumptions are correct. Hence, this patch is not useful and, in order to actually prevent speculation here we would need to pass the address of pdev_nr and rhport into valid_port, otherwise there may be speculation at drivers/usb/usbip/vhci_sysfs.c:235: if (!valid_port(pdev_nr, rhport)) return -EINVAL; hcd = platform_get_drvdata(vhcis[pdev_nr].pdev);Ah, yes, sorry, you do need to pass the address through, my mistake completely. But the location for the checking is still the right place to do it, so I was half-right :)
Yep. And that totally make sense. I already sent v3: https://marc.info/?l=linux-kernel&m=152669243313887&w=2 Thanks! -- Gustavo
