On 01/04/2018 06:58 AM, Richard Earnshaw wrote:
> 
> Recently, Google Project Zero disclosed several classes of attack
> against speculative execution. One of these, known as variant-1
> (CVE-2017-5753), allows explicit bounds checks to be bypassed under
> speculation, providing an arbitrary read gadget. Further details can
> be found on the GPZ blog [1] and the documentation that is included
> with the first patch.
So I think it's important for anyone reading this stuff to read
Richard's paragraph carefully -- "an arbitrary read gadget".

I fully expect that over the course of time we're going to see other
arbitrary read gadgets found.  Those gadgets may have lower
bandwidth, have a higher degree of jitter or be harder to exploit, but
they're out there just waiting to be discovered.

So I don't expect this to be the only mitigation we have to put into place.

Anyway...


> 
> Some optimizations are permitted to make the builtin easier to use.
> The final two arguments can both be omitted (C++ style): failval will
> default to 0 in this case and if cmpptr is omitted ptr will be used
> for expansions of the range check.  In addition either lower or upper
> (but not both) may be a literal NULL and the expansion will then
> ignore that boundary condition when expanding.
So what are the cases where FAILVAL is useful rather than just using
zero (or some other constant) all the time?

Similarly under what conditions would one want to use CMPPTR rather than
PTR?

I wandered down through the LKML thread but didn't see anything which
would shed light on those two questions.

jeff
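To make the argument semantics in the quoted paragraph concrete, here is an added example that is not part of the original thread and not GCC's implementation of the builtin (whose name and code generation are not shown on this page). It is a plain-C model, `load_no_speculate_u8`, of a five-argument guarded load (ptr, lower, upper, failval, cmpptr) with the stated defaults: failval 0, cmpptr defaulting to ptr, and a NULL lower or upper bound left unchecked. The sample table and entry array are constructed for the example. The model selects a harmless address before dereferencing and then selects between the loaded byte and failval, but a C compiler is free to turn those selects back into conditional branches, so it demonstrates only the interface, not the speculation guarantee a real builtin would have to provide on each target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Harmless cell that out-of-range loads are redirected to. */
static uint8_t safe_cell;

/* All-ones when cmp lies in [lower, upper); zero otherwise.
   A zero (NULL) bound is not checked, mirroring the described builtin. */
static inline uintptr_t in_range_mask(uintptr_t cmp, uintptr_t lower, uintptr_t upper)
{
    uintptr_t ok = 1;
    ok &= lower ? (uintptr_t)(cmp >= lower) : 1;
    ok &= upper ? (uintptr_t)(cmp <  upper) : 1;
    return (uintptr_t)0 - ok;
}

/* Hypothetical C model (NOT the GCC builtin) of a bounds-guarded byte load:
   returns *ptr if cmpptr is within [lower, upper), else failval.
   cmpptr == NULL means "range-check ptr itself". */
static inline uint8_t load_no_speculate_u8(const uint8_t *ptr, const void *lower,
                                           const void *upper, uint8_t failval,
                                           const void *cmpptr)
{
    uintptr_t p    = (uintptr_t)ptr;
    uintptr_t cmp  = cmpptr ? (uintptr_t)cmpptr : p;
    uintptr_t mask = in_range_mask(cmp, (uintptr_t)lower, (uintptr_t)upper);

    /* Select the address first so an out-of-range ptr is never dereferenced. */
    uintptr_t addr = (p & mask) | ((uintptr_t)&safe_cell & ~mask);
    uint8_t v = *(const uint8_t *)addr;

    /* Then select the result: loaded byte when in range, failval otherwise. */
    return (uint8_t)(((uintptr_t)v & mask) | ((uintptr_t)failval & ~mask));
}

/* Constructed sample data for the example. */
#define TABLE_SIZE 8
static const uint8_t table[TABLE_SIZE] = { 10, 11, 12, 13, 14, 15, 16, 17 };

struct entry { uint32_t key; uint8_t value; };
#define N_ENTRIES 4
static const struct entry entries[N_ENTRIES] = {
    { 100, 0xA0 }, { 200, 0xA1 }, { 300, 0xA2 }, { 400, 0xA3 },
};

/* Variant-1 shape: an explicit check followed by a load that depends on the
   checked index.  Under speculation the check may be bypassed. */
uint8_t lookup_unsafe(size_t idx)
{
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* The same lookup through the model.  Both bounds are given; failval is the
   default 0 and cmpptr is NULL, i.e. the load address itself is checked. */
uint8_t lookup_guarded(size_t idx)
{
    /* Integer arithmetic avoids forming an out-of-bounds pointer in C. */
    const uint8_t *ptr = (const uint8_t *)((uintptr_t)table + idx);
    return load_no_speculate_u8(ptr, table, table + TABLE_SIZE, 0, NULL);
}

/* cmpptr differing from ptr: the range check is on the element address while
   the load is of a field inside the element.  A non-zero failval (0xFF) lets
   callers distinguish "out of range" from a legitimately stored zero. */
uint8_t entry_value_guarded(size_t idx)
{
    uintptr_t elem = (uintptr_t)entries + idx * sizeof(struct entry);
    const uint8_t *ptr = (const uint8_t *)(elem + offsetof(struct entry, value));
    return load_no_speculate_u8(ptr, entries, entries + N_ENTRIES, 0xFF,
                                (const void *)elem);
}

int main(void)
{
    printf("lookup_unsafe(3)=%u lookup_guarded(3)=%u lookup_guarded(8)=%u\n",
           lookup_unsafe(3), lookup_guarded(3), lookup_guarded(TABLE_SIZE));
    printf("entry_value_guarded(1)=0x%02X entry_value_guarded(4)=0x%02X\n",
           entry_value_guarded(1), entry_value_guarded(N_ENTRIES));
    return 0;
}
```

The two guarded functions exercise the defaults and the non-default arguments side by side: `lookup_guarded` relies on cmpptr defaulting to ptr and failval to 0, while `entry_value_guarded` passes a distinct cmpptr and a sentinel failval. Leaving one bound NULL is only sound when that side of the range cannot be reached by the address computation; the model, like the described builtin, simply skips the check.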