Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-09 Thread Greg KH
On Tue, Jan 09, 2018 at 04:26:28PM +0200, Laurent Pinchart wrote: > Hi Greg, > > On Tuesday, 9 January 2018 12:04:10 EET Greg KH wrote: > > On Tue, Jan 09, 2018 at 10:40:21AM +0200, Laurent Pinchart wrote: > > > On Saturday, 6 January 2018 11:40:26 EET Greg KH wrote: > > >> On Sat, Jan 06, 2018

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-09 Thread Greg KH
On Tue, Jan 09, 2018 at 04:26:28PM +0200, Laurent Pinchart wrote: > Hi Greg, > > On Tuesday, 9 January 2018 12:04:10 EET Greg KH wrote: > > On Tue, Jan 09, 2018 at 10:40:21AM +0200, Laurent Pinchart wrote: > > > On Saturday, 6 January 2018 11:40:26 EET Greg KH wrote: > > >> On Sat, Jan 06, 2018

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-09 Thread Laurent Pinchart
Hi Greg, On Tuesday, 9 January 2018 12:04:10 EET Greg KH wrote: > On Tue, Jan 09, 2018 at 10:40:21AM +0200, Laurent Pinchart wrote: > > On Saturday, 6 January 2018 11:40:26 EET Greg KH wrote: > >> On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > >> > >> While I'm all for fixing this

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-09 Thread Laurent Pinchart
Hi Greg, On Tuesday, 9 January 2018 12:04:10 EET Greg KH wrote: > On Tue, Jan 09, 2018 at 10:40:21AM +0200, Laurent Pinchart wrote: > > On Saturday, 6 January 2018 11:40:26 EET Greg KH wrote: > >> On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > >> > >> While I'm all for fixing this

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-09 Thread Greg KH
On Tue, Jan 09, 2018 at 10:40:21AM +0200, Laurent Pinchart wrote: > On Saturday, 6 January 2018 11:40:26 EET Greg KH wrote: > > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > > > > While I'm all for fixing this type of thing, I feel like we need to do > > something "else" for this as

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-09 Thread Greg KH
On Tue, Jan 09, 2018 at 10:40:21AM +0200, Laurent Pinchart wrote: > On Saturday, 6 January 2018 11:40:26 EET Greg KH wrote: > > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > > > > While I'm all for fixing this type of thing, I feel like we need to do > > something "else" for this as

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-09 Thread Laurent Pinchart
Hi Greg, On Saturday, 6 January 2018 11:40:26 EET Greg KH wrote: > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > > On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > >> Static analysis reports that 'index' may be a user controlled value that > >> is used as a data

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-09 Thread Laurent Pinchart
Hi Greg, On Saturday, 6 January 2018 11:40:26 EET Greg KH wrote: > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > > On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > >> Static analysis reports that 'index' may be a user controlled value that > >> is used as a data

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-08 Thread Dan Williams
On Mon, Jan 8, 2018 at 3:23 AM, Laurent Pinchart wrote: > Hi Dan, > > Thank you for the patch. > > On Saturday, 6 January 2018 03:10:32 EET Dan Williams wrote: >> Static analysis reports that 'index' may be a user controlled value that >> is used as a data

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-08 Thread Dan Williams
On Mon, Jan 8, 2018 at 3:23 AM, Laurent Pinchart wrote: > Hi Dan, > > Thank you for the patch. > > On Saturday, 6 January 2018 03:10:32 EET Dan Williams wrote: >> Static analysis reports that 'index' may be a user controlled value that >> is used as a data dependency to read 'pin' from the >>

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-08 Thread Laurent Pinchart
Hi Dan, Thank you for the patch. On Saturday, 6 January 2018 03:10:32 EET Dan Williams wrote: > Static analysis reports that 'index' may be a user controlled value that > is used as a data dependency to read 'pin' from the > 'selector->baSourceID' array. In order to avoid potential leaks of >

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-08 Thread Laurent Pinchart
Hi Dan, Thank you for the patch. On Saturday, 6 January 2018 03:10:32 EET Dan Williams wrote: > Static analysis reports that 'index' may be a user controlled value that > is used as a data dependency to read 'pin' from the > 'selector->baSourceID' array. In order to avoid potential leaks of >

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-07 Thread Dan Williams
On Sun, Jan 7, 2018 at 1:09 AM, Greg KH wrote: [..] > Sorry for the confusion, no, I don't mean the "taint tracking", I mean > the generic pattern of "speculative out of bounds access" that we are > fixing here. > > Yes, as you mentioned before, there are tons of

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-07 Thread Dan Williams
On Sun, Jan 7, 2018 at 1:09 AM, Greg KH wrote: [..] > Sorry for the confusion, no, I don't mean the "taint tracking", I mean > the generic pattern of "speculative out of bounds access" that we are > fixing here. > > Yes, as you mentioned before, there are tons of false-positives in the > tree, as

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-07 Thread Greg KH
On Sat, Jan 06, 2018 at 09:41:17AM -0800, Dan Williams wrote: > On Sat, Jan 6, 2018 at 1:40 AM, Greg KH wrote: > > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > >> On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > >> > Static analysis reports

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-07 Thread Greg KH
On Sat, Jan 06, 2018 at 09:41:17AM -0800, Dan Williams wrote: > On Sat, Jan 6, 2018 at 1:40 AM, Greg KH wrote: > > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > >> On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > >> > Static analysis reports that 'index' may be a user

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-06 Thread Dan Williams
On Sat, Jan 6, 2018 at 1:40 AM, Greg KH wrote: > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: >> On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: >> > Static analysis reports that 'index' may be a user controlled value that >> > is used as a

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-06 Thread Dan Williams
On Sat, Jan 6, 2018 at 1:40 AM, Greg KH wrote: > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: >> On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: >> > Static analysis reports that 'index' may be a user controlled value that >> > is used as a data dependency to read 'pin'

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-06 Thread Greg KH
On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > > Static analysis reports that 'index' may be a user controlled value that > > is used as a data dependency to read 'pin' from the > > 'selector->baSourceID' array. In order

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-06 Thread Greg KH
On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > > Static analysis reports that 'index' may be a user controlled value that > > is used as a data dependency to read 'pin' from the > > 'selector->baSourceID' array. In order

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-06 Thread Greg KH
On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > Static analysis reports that 'index' may be a user controlled value that > is used as a data dependency to read 'pin' from the > 'selector->baSourceID' array. In order to avoid potential leaks of > kernel memory values, block

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-06 Thread Greg KH
On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > Static analysis reports that 'index' may be a user controlled value that > is used as a data dependency to read 'pin' from the > 'selector->baSourceID' array. In order to avoid potential leaks of > kernel memory values, block

[PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-05 Thread Dan Williams
Static analysis reports that 'index' may be a user controlled value that is used as a data dependency to read 'pin' from the 'selector->baSourceID' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream that could issue reads based

[PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

2018-01-05 Thread Dan Williams
Static analysis reports that 'index' may be a user controlled value that is used as a data dependency to read 'pin' from the 'selector->baSourceID' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream that could issue reads based