On 08.07.2019 15:53, Norbert Manthey wrote:
> On 5/23/19 17:01, Jan Beulich wrote:
>>>>> On 21.05.19 at 09:45, <nmant...@amazon.de> wrote:
>>> * gnttab_set_version: all accessible data is allocated for both versions
>> This is not enough for my taste: The very first loop is safe only
>> because nr_grant_entries() is. And speculating into
>> gnttab_unpopulate_status_frames() doesn't look safe at all, as
>> gt->status[i] may be NULL.
> So, you basically want to see a block_speculation() at the beginning of
> the function gnttab_populate_status_frames and
> gnttab_unpopulate_status_frames? I do not claim to protect against
> speculative out-of-bound accesses that are caused by the for loop in
> gnttab_set_version.
The point isn't the loop, but the fact that by mis-speculating through
the two conditions before the function call a NULL gt->status[0] may
get accessed, entirely independent of this being a loop or just a
singular access.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
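As an added illustration of the point Jan makes above, and not code from Xen or from either author, the following C sketches the shape under discussion: a caller with two conditions in front of the call, and a callee that dereferences status[i] and so relies on those conditions having been taken. The grant table layout, its field names, set_version_v1() and the block_speculation() stand-in (an lfence on x86, a plain compiler barrier elsewhere) are all assumptions made for the example; the barrier sits at the callee's entry, where Norbert proposed to place it.

```c
#include <stdint.h>
#include <stdlib.h>

#define MAX_STATUS_FRAMES 4u
#define STATUS_ENTRIES_PER_FRAME 8u

/* Hypothetical, much simplified grant table; field names are assumptions,
 * not Xen's. status[] holds one pointer per populated status frame and is
 * NULL for frames that were never populated (as for a v1 table). */
struct grant_table {
    unsigned int gt_version;                /* 1 or 2 */
    unsigned int nr_status_frames;          /* populated entries in status[] */
    uint16_t *status[MAX_STATUS_FRAMES];
};

/* Hypothetical stand-in for a speculation barrier. On x86, lfence does not
 * execute until all earlier instructions have completed and nothing after
 * it starts until it has, so the branch conditions that led here are
 * resolved before the loop below can issue any load. On other targets this
 * is only a compiler barrier and gives no hardware protection; it is here
 * so the example builds everywhere. */
static inline void block_speculation(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Frees the status frames. Architecturally this is only reached after the
 * caller has checked that the table is v2, so status[i] is non-NULL for
 * i < nr_status_frames. Speculatively, the caller's two checks (and the
 * loop condition) can be mis-predicted and this body entered for a table
 * whose status[] was never populated, i.e. status[0] == NULL. The barrier
 * is what keeps that path from issuing the dereference; delete it to get
 * the pattern the thread objects to. */
static void unpopulate_status_frames(struct grant_table *gt)
{
    block_speculation();
    for (unsigned int i = 0; i < gt->nr_status_frames; i++) {
        gt->status[i][0] = 0;            /* touch the frame: NULL here would fault */
        free(gt->status[i]);
        gt->status[i] = NULL;
    }
    gt->nr_status_frames = 0;
}

/* Switch a table to v1. Two conditions sit between entry and the call; only
 * when both hold is status[] known to be populated. Returns 1 if frames were
 * freed, 0 if the table was already v1, -1 on a bad target version. */
static int set_version_v1(struct grant_table *gt, unsigned int new_version)
{
    if (new_version != 1)
        return -1;                        /* condition 1 */
    if (gt->gt_version != 2)
        return 0;                         /* condition 2: nothing to free */
    unpopulate_status_frames(gt);
    gt->gt_version = 1;
    return 1;
}

/* Constructed fixture: a v2 table with `frames` populated status frames. */
static struct grant_table *make_v2_table(unsigned int frames)
{
    if (frames > MAX_STATUS_FRAMES)
        return NULL;
    struct grant_table *gt = calloc(1, sizeof(*gt));
    if (!gt)
        return NULL;
    gt->gt_version = 2;
    gt->nr_status_frames = frames;
    for (unsigned int i = 0; i < frames; i++) {
        gt->status[i] = calloc(STATUS_ENTRIES_PER_FRAME, sizeof(uint16_t));
        if (!gt->status[i]) {
            while (i--)
                free(gt->status[i]);
            free(gt);
            return NULL;
        }
    }
    return gt;
}

/* Runs the version switch on a constructed v2 table and checks the
 * architectural results. Returns 1 when every check passes, 0 otherwise. */
static int demo(void)
{
    struct grant_table *gt = make_v2_table(2);
    if (!gt)
        return 0;
    int ok = set_version_v1(gt, 2) == -1              /* wrong target version */
          && gt->gt_version == 2
          && set_version_v1(gt, 1) == 1               /* v2 -> v1 frees the frames */
          && gt->gt_version == 1
          && gt->nr_status_frames == 0
          && gt->status[0] == NULL && gt->status[1] == NULL
          && set_version_v1(gt, 1) == 0;              /* already v1 */
    free(gt);
    return ok;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

Nothing observable changes architecturally whether or not the barrier is present, which is exactly why this class of issue is found by reading the code rather than by testing it: the checks only confirm that the hardened function still does the right thing, while the barrier's job is to stop the path that the two mis-predicted conditions would otherwise open.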