Michael Ellerman writes:
> Nathan Lynch writes:
>>
>> 1. The patch sanitizes 'nargs' immediately before the call to memset(),
>> but shouldn't that happen before 'nargs' is used as an input to
>> copy_from_user()?
>
> I think the reasoning is that there's no way to exploit an out of bounds
Nathan Lynch writes:
> Michael Ellerman writes:
>> Breno Leitao writes:
>>> On Tue, Mar 12, 2024 at 08:17:42AM +, Christophe Leroy wrote:
>>>> +Nathan as this is RTAS related.
>
> Thanks!
>
On 21/08/2018 at 20:42, Breno Leitao wrote:
> The rtas syscall reads a value from a user-p
Michael Ellerman writes:
> Breno Leitao writes:
>> On Tue, Mar 12, 2024 at 08:17:42AM +, Christophe Leroy wrote:
>>> +Nathan as this is RTAS related.
Thanks!
>>> On 21/08/2018 at 20:42, Breno Leitao wrote:
>>> > The rtas syscall reads a value from a user-provided structure and uses it
>>
On Tue, Mar 12, 2024 at 10:07:54PM +1100, Michael Ellerman wrote:
> Breno Leitao writes:
> > On Tue, Mar 12, 2024 at 08:17:42AM +, Christophe Leroy wrote:
> >> +Nathan as this is RTAS related.
> >>
> >> On 21/08/2018 at 20:42, Breno Leitao wrote:
> >> > The rtas syscall reads a value from a
Breno Leitao writes:
> On Tue, Mar 12, 2024 at 08:17:42AM +, Christophe Leroy wrote:
>> +Nathan as this is RTAS related.
>>
>> On 21/08/2018 at 20:42, Breno Leitao wrote:
>> > The rtas syscall reads a value from a user-provided structure and uses it
>> > to index an array, being a possible
On Tue, Mar 12, 2024 at 08:17:42AM +, Christophe Leroy wrote:
> +Nathan as this is RTAS related.
>
> On 21/08/2018 at 20:42, Breno Leitao wrote:
> > The rtas syscall reads a value from a user-provided structure and uses it
> > to index an array, being a possible area for a potential spectre
+Nathan as this is RTAS related.
On 21/08/2018 at 20:42, Breno Leitao wrote:
> The rtas syscall reads a value from a user-provided structure and uses it
> to index an array, being a possible area for a potential spectre v1 attack.
> This is the code that exposes this problem.
>
> args.ret
The rtas syscall reads a value from a user-provided structure and uses it
to index an array, being a possible area for a potential spectre v1 attack.
This is the code that exposes this problem.
args.rets = &args.args[nargs];
The nargs is a user-provided value, and the below code is an ex