On 7/10/19 05:12, Jan Beulich wrote:
> On 08.07.2019 15:53, Norbert Manthey wrote:
>> On 5/23/19 17:01, Jan Beulich wrote:
>>>>>> On 21.05.19 at 09:45, <nmant...@amazon.de> wrote:
>>>> * gnttab_set_version: all accessible data is allocated for both versions
>>> This is not enough for my taste: The very first loop is safe only
>>> because nr_grant_entries() is. And speculating into
>>> gnttab_unpopulate_status_frames() doesn't look safe at all, as
>>> gt->status[i] may be NULL.
>> So, you basically want to see a block_speculation() at the beginning of
>> the function gnttab_populate_status_frames and
>> gnttab_unpopulate_status_frames? I do not claim to protect against
>> speculative out-of-bound accesses that are caused by the for loop in
>> gnttab_set_version.
> The point isn't the loop, but the fact that by mis-speculating through
> the two conditions before the function call a NULL gt->status[0] may
> get accessed, entirely independent of this being a loop or just a
> singular access.
I understand. To prevent this kind of access during speculative execution, I will add a block_speculation() at the top of the function to make sure the code is reached only when the correct version number is used.

Best,
Norbert
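An added illustration of the pattern the thread converges on (example code, not Xen's own): the speculation barrier sits at the top of the frame-releasing function, so its body cannot be reached speculatively before the caller's version checks have architecturally resolved. The `struct grant_table`, `unpopulate_status_frames()` and `make_table()` below are simplified stand-ins, and `block_speculation()` is modelled as a plain compiler barrier rather than Xen's architecture-specific implementation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define GNTTAB_V1 1
#define GNTTAB_V2 2
#define NR_STATUS_FRAMES 4

/* Simplified stand-in for Xen's grant table (assumption, not Xen's layout). */
struct grant_table {
    unsigned int gt_version;
    uint8_t *status[NR_STATUS_FRAMES];  /* all NULL while the table is v1 */
};

/* Stand-in for Xen's block_speculation(): Xen uses an architecture-specific
 * barrier; a compiler barrier keeps this example portable and runnable. */
static inline void block_speculation(void)
{
    __asm__ __volatile__("" ::: "memory");
}

/* Mimics gnttab_unpopulate_status_frames(): releases per-frame status
 * pages of a v2 table and reports how many frames were released. */
static int unpopulate_status_frames(struct grant_table *gt)
{
    unsigned int i, freed = 0;

    /* Barrier first: a caller that mis-speculated past its own
     * "gt_version == 2" test cannot reach the gt->status[] accesses
     * below while a v1 table still holds NULL in every slot. */
    block_speculation();

    if (gt->gt_version != GNTTAB_V2)
        return 0;

    for (i = 0; i < NR_STATUS_FRAMES; i++) {
        if (!gt->status[i])          /* architectural NULL check */
            continue;
        free(gt->status[i]);
        gt->status[i] = NULL;
        freed++;
    }
    gt->gt_version = GNTTAB_V1;
    return freed;
}

/* Constructed sample: a table with n populated status frames (v2 if n > 0). */
static struct grant_table *make_table(unsigned int n)
{
    struct grant_table *gt = calloc(1, sizeof(*gt));
    unsigned int i;
    gt->gt_version = n ? GNTTAB_V2 : GNTTAB_V1;
    for (i = 0; i < n && i < NR_STATUS_FRAMES; i++)
        gt->status[i] = calloc(4096, 1);
    return gt;
}
```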