In a detailed analysis in their blog, developers of the Linux kernel’s Grsecurity patches describe how the upstream community of Linux misrepresented a supposedly simple safeguard against the Specter vulnerability. This bug has also been backported into the stable kernel versions.
The origin of the problem is due to a patch by the developer Dianzhang Chen. This adds the use of the macro array_index_nospec () to a specific function. This eliminates Specter v1 exploit by purging the index to access an array, even on speculative execution, and is guaranteed to be within the limits of the array. First introduced this macro with Linux 4.16.
The developers of Grsecurity historically have a very difficult relationship with the rest of the Linux community. Chief developer Torvalds has even called their code “garbage”. Accordingly, the team uses the blog entry not only for analysis but also very strikingly as self-promotion for its patches and its technology. Likewise, the fundamental criticism of the Grsecurity team for the maintenance of stable kernel branches by the Linux community is repeated in the blog. Probably not entirely wrong.
Submitted by: Arnfried Walbrecht