Searched hist:"62 df8016" (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/drivers/nvme/host/ |
H A D | pci.c | 62df8016 Wed Dec 23 16:09:00 CST 2020 Lalithambika Krishnakumar <lalithambika.krishnakumar@intel.com> nvme: avoid possible double fetch in handling CQE
While handling the completion queue, keep a local copy of the command id from the DMA-accessible completion entry. This silences a time-of-check to time-of-use (TOCTOU) warning from KF/x[1], with respect to a Thunderclap[2] vulnerability analysis. The double-read impact appears benign.
There may be a theoretical window for @command_id to be used as an adversary-controlled array-index-value for mounting a speculative execution attack, but that mitigation is saved for a potential follow-on. A man-in-the-middle attack on the data payload is out of scope for this analysis and is hopefully mitigated by filesystem integrity mechanisms.
[1] https://github.com/intel/kernel-fuzzer-for-xen-project [2] http://thunderclap.io/thunderclap-paper-ndss2019.pdf Signed-off-by: Lalithambika Krishna Kumar <lalithambika.krishnakumar@intel.com> Signed-off-by: Christoph Hellwig <hch@lst.de>
|