| commit | 7f4005c9dbe7cd61730c483403ae62599506b449 | |
| author | Dan Carpenter <dan.carpenter@oracle.com> | |
| Wed, 13 Jun 2018 14:14:18 +0000 (13 17:14 +0300) | ||
| committer | Dan Carpenter <dan.carpenter@oracle.com> | |
| Wed, 13 Jun 2018 14:14:18 +0000 (13 17:14 +0300) | ||
| tree | 827da9b28c2be98ae9a07696007ac4697ba64273 | treesnapshot (tar.gz zip) |
| parent | 8a4c9ccbae493bf15216b4461fef0f1533109646 | commitdiff |
user_data: introduce is_user_data()
For the Spectre stuff we just care if an offset can be controlled by the
user. In other words, we don't care what that there is a limit check
which restricts it to 0-7 or whatever because the CPU is speculatively
executing instructions as if the condition wasn't there.
So I have introduced the is_user_rl().
The other difference is that Smatch was doing a hack with certain divides
and marking user controlled values as not user controlled. I have turned
this off when the --spammy option is used. Also I have introduced a
get_user_rl_spammy() which does this too.
Reported-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
For the Spectre stuff we just care if an offset can be controlled by the
user. In other words, we don't care what that there is a limit check
which restricts it to 0-7 or whatever because the CPU is speculatively
executing instructions as if the condition wasn't there.
So I have introduced the is_user_rl().
The other difference is that Smatch was doing a hack with certain divides
and marking user controlled values as not user controlled. I have turned
this off when the --spammy option is used. Also I have introduced a
get_user_rl_spammy() which does this too.
Reported-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
| check_user_data2.c | diffblobblamehistory | |
| smatch.h | diffblobblamehistory |