On Tue, Mar 12, 2024 at 08:17:42AM +0000, Christophe Leroy wrote: > +Nathan as this is RTAS related. > > Le 21/08/2018 à 20:42, Breno Leitao a écrit : > > The rtas syscall reads a value from a user-provided structure and uses it > > to index an array, being a possible area for a potential spectre v1 attack. > > This is the code that exposes this problem. > > > > args.rets = &args.args[nargs]; > > > > The nargs is an user provided value, and the below code is an example where > > the 'nargs' value would be set to XX. > > > > struct rtas_args ra; > > ra.nargs = htobe32(XX); > > syscall(__NR_rtas, &ra); > > > This patch has been hanging around in patchwork since 2018 and doesn't > apply anymore. Is it still relevant ? If so, can you rebase et resubmit ?
This seems to be important, since nargs is a user-provided value. I can submit it if the maintainers are willing to accept. I do not want to spend my time if no one is willing to review it. Thanks for revamping this one.
