On 27.12.2019 11:52, George Dunlap wrote:
> On 12/27/19 7:59 AM, Jan Beulich wrote:
>> On 23.12.2019 19:08, George Dunlap wrote:
>>> What about the attached series of patches (compile-tested only)?
>>
>> This ...
>>
>>> +#define nospec_clip(index, size) \
>>> + ({ \
>>> + bool clipped = (index >= size); \
>>> + index = array_index_nospec(index, size); \
>>> + clipped; \
>>> + })
>>
>> ... in particular may misguide people on its use: If the clipped
>> "index" gets stored in a register, all is going to be fine (afaict),
>> but if it ends up in memory, there's be new (mis-)speculation
>> opportunities.
>
> That makes sense; but in that case code like this:
>
>> + idx = array_index_nospec(idx, MAX_ALTP2M);
>> +
>
> ...could end up stored on the stack and re-read, couldn't it? I mean
> yes, it's *very likely* going to stay in a register, but there's no way
> to actually guarantee it, is there?
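
Review bot: in the quoted nospec_clip() macro, `index` and `size` are each expanded twice and without parentheses, so an argument with side effects is evaluated twice and a compound expression can bind wrongly in `index >= size`. The macro also assigns to `index`, which silently requires a modifiable lvalue, and the local `clipped` breaks if the caller's index variable has the same name. Suggest parenthesising the arguments, giving the local a less collision-prone name, and adding a comment above the macro stating that `index` is modified in place and must be an lvalue.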

Indeed - hence my "Some of the clipping done in the patches is already
not fully safe against this" in the prior response ("the patches"
meaning Alexandru's, not yours, and it would probably better have
been singular).

Jan
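
The clamp this thread discusses, as an added example that is not taken from the patches or from Xen's sources: a portable C sketch of the branch-free masking that an array_index_nospec()-style helper performs, with the clamp applied in the array subscript itself. The names `index_mask`, `clamp_index` and `table_read` are hypothetical, and the sketch assumes `size <= LONG_MAX` and an arithmetic right shift of negative values.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/*
 * Branch-free mask: all ones when index < size, zero otherwise.
 * Assumes size <= LONG_MAX and an arithmetic right shift of negative
 * longs (what gcc and clang do). Nothing here stops a compiler from
 * reintroducing a branch; this only shows the arithmetic.
 */
static unsigned long index_mask(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1 - index)) >> (BITS_PER_LONG - 1);
}

/* In-range indices pass through; out-of-range ones collapse to 0, even
 * on a path where the guarding bounds check was mispredicted. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask(index, size);
}

/*
 * Bounds-checked read with the clamp in the subscript itself, so the
 * clamped value is not first assigned to a named variable. As the thread
 * notes, C still gives no guarantee that it never goes through memory.
 */
static int table_read(const int *table, unsigned long size,
                      unsigned long idx, int *out)
{
    if (idx >= size)
        return -1;
    *out = table[clamp_index(idx, size)];
    return 0;
}

int main(void)
{
    static const int table[4] = { 10, 20, 30, 40 }; /* constructed data */
    int v = 0;
    int rc = table_read(table, 4, 3, &v);

    printf("clamp(2,4)=%lu clamp(9,4)=%lu\n",
           clamp_index(2, 4), clamp_index(9, 4));
    printf("read idx 3: rc=%d v=%d\n", rc, v);
    return 0;
}
```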