Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 8:29 AM, Dan Williams wrote: > On Sat, Jan 6, 2018 at 7:14 AM, Greg KH wrote: >> On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: >>> On Sat, 6 Jan 2018 10:01:54 +0100 >>> Greg KH wrote: >>> >>> > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: >>> >

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 7:14 AM, Greg KH wrote: > On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: >> On Sat, 6 Jan 2018 10:01:54 +0100 >> Greg KH wrote: >> >> > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: >> > > Static analysis reports that 'offset' may be a user contro

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: > On Sat, 6 Jan 2018 10:01:54 +0100 > Greg KH wrote: > > > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > > > Static analysis reports that 'offset' may be a user controlled value > > > > Can I see the rule that determin

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, 6 Jan 2018 10:01:54 +0100 Greg KH wrote: > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > > Static analysis reports that 'offset' may be a user controlled value > > Can I see the rule that determined that? It does not feel like that is > correct, given the 3+ levels d

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Static analysis reports that 'offset' may be a user controlled value that is used as a data dependency reading from a raw_frag_vec buffer. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream tha

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > Static analysis reports that 'offset' may be a user controlled value Can I see the rule that determined that? It does not feel like that is correct, given the 3+ levels deep that this function gets this value from... Same for the ip

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > Static analysis reports that 'offset' may be a user controlled value > that is used as a data dependency reading from a raw_frag_vec buffer. > In order to avoid potential leaks of kernel memory values, block > speculative execution of

[PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

Static analysis reports that 'offset' may be a user controlled value that is used as a data dependency reading from a raw_frag_vec buffer. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream that could issue further reads based on an inva