On Thu, Jan 11, 2018 at 5:19 PM, Linus Torvalds <torva...@linux-foundation.org> wrote: > Should the array access in entry_SYSCALL_64_fastpath be made to use > the masking approach?
That one has a bounds check for an inline constant. cmpq $__NR_syscall_max, %rax so should be safe. The classic Spectre variant #1 code sequence is: int array_size; if (x < array_size) { something with array[x] } which runs into problems because the array_size variable may not be in cache, and while the CPU core is waiting for the value it speculates inside the "if" body. The syscall entry is more like: #define ARRAY_SIZE 10 if (x < ARRAY_SIZE) { something with array[x] } Here there isn't any reason for speculation. The core has the value of 'x' in a register and the upper bound encoded into the "cmp" instruction. Both are right there, no waiting, no speculation. -Tony