On 05/23/2018 12:15 AM, Dan Williams wrote:

OK. How about this:

diff --git a/include/linux/nospec.h b/include/linux/nospec.h
index e791ebc..498995b 100644
--- a/include/linux/nospec.h
+++ b/include/linux/nospec.h
@@ -55,4 +55,21 @@ static inline unsigned long
array_index_mask_nospec(unsigned long index,
                                                                        \
         (typeof(_i)) (_i & _mask);                                     \
  })
+
+#define validate_index_nospec(index, size)                            \
+({                                                                    \
+       bool ret = true;                                               \
+       typeof(index) *ptr = &(index);                                 \
+       typeof(size) _s = (size);                                      \
+                                                                      \
+       BUILD_BUG_ON(sizeof(*ptr) > sizeof(long));                     \
+       BUILD_BUG_ON(sizeof(_s) > sizeof(long));                       \
+                                                                      \
+       if (*ptr >= size)                                              \

I'll change the line above to this one:

if (*ptr >= _s)

+               ret = false;                                           \
+                                                                      \
+       *ptr = array_index_nospec(*ptr, _s);                           \
+                                                                      \
+       ret;                                                           \

+})
  #endif /* _LINUX_NOSPEC_H */
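
Review bot: the macro locals "ret" and "ptr" have no underscore prefix, unlike "_s" here and "_i"/"_mask" in the macro just above, so a caller whose index variable is itself named ret or ptr would have &(index) resolve to the macro's own local rather than the caller's variable; suggest renaming them to _ret and _ptr. The test "if (*ptr >= size)" expands the size argument a second time after it was captured in _s, so it should compare against _s. The macro also writes the clamped value back through *ptr, which means index must be an lvalue and is modified in place; a short comment above the definition should state that, along with what the bool result means.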

Assuming the assembly generation is comparable with the open coded
version, this looks ok to me.


OK. I'll send a proper patch tomorrow morning.

Thanks for the feedback, Dan.
--
Gustavo
