On Thu, Jun 11, 2026 at 12:43:09PM +0800, Herbert Xu wrote: > On Sun, May 31, 2026 at 10:22:51AM -0400, Michael Bommarito wrote: > > > > + size = min_t(unsigned int, size, avail - vi->data_idx); > > + idx = array_index_nospec(vi->data_idx, sizeof(vi->data)); > > + memcpy(buf, vi->data + idx, size); > > I don't see how nospec can help here. Please enlighten me.
All the "malicious device" things are confusing. Spectre things - doubly so. So if an access is speculated then CPU might speculate feeding a kernel secret into RNG. And then the speculated RNG value maybe can be also speculatively be used by some kernel code as an index to trigger a cache access, finally leaking the secret? Maybe? > Thanks, > -- > Email: Herbert Xu <[email protected]> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
