On 27.12.2019 11:52, George Dunlap wrote:
> On 12/27/19 7:59 AM, Jan Beulich wrote:
>> On 23.12.2019 19:08, George Dunlap wrote:
>>> What about the attached series of patches (compile-tested only)?
>>
>> This ...
>>
>>> +#define nospec_clip(index, size) \
>>> + ({ \
>>> + bool clipped = (index >= size); \
>>> + index = array_index_nospec(index, size); \
>>> + clipped; \
>>> + })
>>
>> ... in particular may misguide people on its use: If the clipped
>> "index" gets stored in a register, all is going to be fine (afaict),
>> but if it ends up in memory, there's be new (mis-)speculation
>> opportunities.
>
> That makes sense; but in that case code like this:
>
>> + idx = array_index_nospec(idx, MAX_ALTP2M);
>> +
>
> ...could end up stored on the stack and re-read, couldn't it? I mean
> yes, it's *very likely* going to stay in a register, but there's no way
> to actually guarantee it, is there?
Indeed - hence my "Some of the clipping done in the patches is
already not fully safe against this" in the prior response ("the
patches" meaning Alexandru's, not yours, and it would probably
better have been singular).
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
