Re: [PATCH 0/2] fs/quota: Fix potential spectre v1 gadgets

From: Jan Kara
Date: Wed Aug 22 2018 - 12:12:32 EST


On Tue 31-07-18 13:43:44, Josh Poimboeuf wrote:
> On Tue, Jul 31, 2018 at 01:37:29AM +0000, Jeremy Cline wrote:
> > Hi folks,
> >
> > This series unifies XQM_MAXQUOTAS with MAXQUOTAS, which were both being
> > used to perform bounds checks on arrays, and then sanitizes 'type' so it
> > can't be used in speculative out-of-bounds array access.
> >
> > Jeremy Cline (2):
> > fs/quota: Replace XQM_MAXQUOTAS usage with MAXQUOTAS
> > fs/quota: Fix spectre gadget in do_quotactl
> >
> > fs/quota/quota.c | 14 +++++++-------
> > include/linux/quota.h | 8 +-------
> > include/uapi/linux/dqblk_xfs.h | 5 -----
> > 3 files changed, 8 insertions(+), 19 deletions(-)
>
> Looks good to me, though this might hinge on the discussion with
> Andreas:
>
> https://lkml.kernel.org/r/E3E7B6AF-3819-4998-9B12-DACB4EBC14F1@xxxxxxxxx

Actually, XQM_MAXQUOTAS is a different kind of beast than EXT4_MAXQUOTAS
and friends. XQM_MAXQUOTAS is the maximum allowed type number for some
quotactl(8) syscall commands. After quite some effort we have unified the
interfaces for all quotactl commands so they support the same set of quota
types and we don't really plan for these two to diverge in the future again. So
the cleanup makes sense.

OTOH EXT4_MAXQUOTAS defines how many quota types the ext4 filesystem supports
and that definitely needs to stay a separate constant from the number of
quota types the generic infrastructure supports... So here I agree with
Andreas.

Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
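
The cover letter quoted above describes sanitizing 'type' after its bounds check so it cannot index an array out of bounds under speculation. As an added illustration (not code from the patch series or from anyone in this thread), the userspace C example below shows the branch-free index masking that the kernel's array_index_nospec() helper is built on; the lookup table, the function names and the MAXQUOTAS value used here are assumptions for the demo.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define MAXQUOTAS 3 /* constructed value for this demo */
#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/*
 * Returns ~0UL when index < size and 0 otherwise, without a branch.
 * Modelled on the kernel's generic array_index_mask_nospec(). It relies on
 * arithmetic right shift of a negative long (true for gcc and clang) and
 * requires size <= LONG_MAX.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* In-bounds indexes pass through unchanged; anything else becomes 0. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Hypothetical table standing in for an array indexed by quota type. */
static const char *const quota_names[MAXQUOTAS] = { "user", "group", "project" };

static const char *quota_type_name(unsigned int type)
{
    if (type >= MAXQUOTAS) /* architectural bounds check */
        return NULL;
    /*
     * A mispredicted branch above can still run the load below with a bad
     * 'type'. The mask is a data dependency, not a branch, so the index is
     * forced to 0 on that path. The kernel additionally hides the index
     * from the optimizer so the masking cannot be compiled away; this
     * userspace demo only shows the arithmetic.
     */
    type = (unsigned int)clamp_index_nospec(type, MAXQUOTAS);
    return quota_names[type];
}

int main(void)
{
    for (unsigned int t = 0; t < 5; t++) {
        const char *n = quota_type_name(t);
        printf("type %u -> mask %#lx, name %s\n", t,
               index_mask_nospec(t, MAXQUOTAS), n ? n : "(rejected)");
    }
    return 0;
}
```
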