During a discussion among Linux kernel developers about a set of patches to fix Spectre-related vulnerabilities in the linked-list handling code, it became clear to many developers that the problem could be solved more easily if the kernel allowed C code conforming to a newer version of the standard.
Currently, code added to the Linux kernel must comply with the ANSI C (C89) specification, which was finalized in 1989.
The Spectre problem in the code arose because a loop iterator, defined separately outside the loop, continued to be used after the loop had finished.
Despite its generally fast-moving nature, the kernel project relies on a number of older tools. While critics like to focus on the community's extensive use of email, a possibly more significant anachronism is the use of the 1989 version of the C language standard for kernel code, a standard that was codified before the kernel project started over 30 years ago. It looks like that long-standing practice could come to an end as soon as kernel 5.18, expected in May 2022.
The list traversal macros (list_for_each_entry() and its relatives) take the loop iterator as an argument, so the iterator has to be declared outside the loop itself and remains in scope after the loop ends. The C99 standard would let developers declare the loop variable inside the for() statement, which would solve the problem without inventing workarounds.
The cover letter of the patch series describes the scale of the problem:
Unfortunately, there are multiple locations in the kernel where the list iterator is used after the loop that breaks on such a change. Fortunately there is the script use_after_iter.cocci which can be used to identify such code locations. I had to adapt the script a bit as it reduces false positives in the original use case, but those are relevant to this patch. A large variety of reported code locations only use the list iterator after the cycle if there was an early exit (break/goto) and therefore they are not
For his part, Linus Torvalds agreed with the idea of supporting the newer specifications and went further, suggesting that kernel 5.18 move straight to the C11 standard, released in 2011.
Preliminary builds with both GCC and Clang in the new mode completed without problems. Unless more extensive testing turns up unforeseen issues, the 5.18 kernel build scripts will change the '-std=gnu89' option to '-std=gnu11 -Wno-shift-negative-value'.
Linus Torvalds did not like the patch much at first and did not see how it related to speculative-execution vulnerabilities. After Jakob Koschel, the author of the series, explained the situation further, though, Torvalds agreed that "this is just a normal bug, plain and simple" and said that it should be fixed regardless of the larger series. He then delved into the real source of the problem: that the iterator passed to the list-traversal macros must be declared in a scope outside the loop itself:
The main reason this kind of non-speculative bug can occur is that historically we didn't have C99-style "declare variables in loops." So list_for_each_entry() - and all the others - fundamentally always leaks the last HEAD entry out of the loop, simply because we couldn't declare the iterator variable in the loop itself.
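The following stand-alone C program, added here as an illustration and not code from the kernel or from the patch series, shows the bug Torvalds is describing. It reconstructs a minimal intrusive list in the style of the kernel's list_head, together with a list_for_each_entry() macro that takes a caller-declared iterator. When the loop runs to completion without a break, that iterator ends up as the list head reinterpreted as an element (container_of() applied to a struct list_head that is not embedded in any element), and a function that returns the iterator after the loop hands back that bogus pointer. The "fixed" helper uses a separate result variable, and the list_for_each_entry_scoped() macro (a hypothetical name used only in this example) shows what C99/C11 for-loop declarations make possible: the iterator dies with the loop, so any use after it is a compile error. Build with gcc -std=gnu11; under -std=gnu89 the scoped macro is rejected, which is exactly the constraint the 5.18 change removes.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal intrusive doubly-linked list modelled on <linux/list.h>.
 * Added reconstruction for this example, not the kernel's own header. */
struct list_head {
    struct list_head *next, *prev;
};

#define LIST_HEAD_INIT(name) { &(name), &(name) }
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_entry(ptr, type, member) container_of(ptr, type, member)

static void list_add_tail(struct list_head *entry, struct list_head *head)
{
    entry->next = head;
    entry->prev = head->prev;
    head->prev->next = entry;
    head->prev = entry;
}

/* Classic C89-compatible form: 'pos' is declared by the caller, so it
 * outlives the loop.  After a full traversal (no break), 'pos' is
 * list_entry(head, ...): the head pretending to be an element. */
#define list_for_each_entry(pos, head, member)                     \
    for (pos = list_entry((head)->next, __typeof__(*pos), member); \
         &pos->member != (head);                                   \
         pos = list_entry(pos->member.next, __typeof__(*pos), member))

/* Hypothetical C99/C11-style variant: the iterator is declared inside the
 * for statement and is not visible after the loop.  Illustration only,
 * not a kernel API. */
#define list_for_each_entry_scoped(type, pos, head, member)        \
    for (type *pos = list_entry((head)->next, type, member);       \
         &pos->member != (head);                                   \
         pos = list_entry(pos->member.next, type, member))

struct item {
    int id;
    struct list_head node;
};

/* Buggy pattern: the iterator is used after the loop.  On a miss, the
 * returned pointer is derived from the list head, not from any item. */
static struct item *find_item_buggy(struct list_head *head, int id)
{
    struct item *it;

    list_for_each_entry(it, head, node) {
        if (it->id == id)
            break;
    }
    return it;
}

/* Fixed pattern: a separate result variable, set only on a real match. */
static struct item *find_item_fixed(struct list_head *head, int id)
{
    struct item *it, *found = NULL;

    list_for_each_entry(it, head, node) {
        if (it->id == id) {
            found = it;
            break;
        }
    }
    return found;
}

/* Scoped variant: 'it' does not exist after the loop, so the buggy
 * "return it;" would fail to compile instead of returning garbage. */
static struct item *find_item_scoped(struct list_head *head, int id)
{
    struct item *found = NULL;

    list_for_each_entry_scoped(struct item, it, head, node) {
        if (it->id == id) {
            found = it;
            break;
        }
    }
    /* return it;  -> error: 'it' undeclared */
    return found;
}

/* Returns 1 when the buggy lookup for a missing id yields the head
 * disguised as an item, i.e. &it->node lands exactly on the list head. */
static int buggy_returns_head_as_item(struct list_head *head)
{
    struct item *it = find_item_buggy(head, -1);
    return (char *)it + offsetof(struct item, node) == (char *)head;
}

/* Builds a two-element list (constructed sample data) and checks each
 * helper.  Returns 0 on success, else a bit mask of failed expectations. */
static int run_demo(void)
{
    struct list_head head = LIST_HEAD_INIT(head);
    struct item a = { .id = 1 }, b = { .id = 2 };
    int rc = 0;

    list_add_tail(&a.node, &head);
    list_add_tail(&b.node, &head);

    if (find_item_fixed(&head, 2) != &b)   rc |= 1;
    if (find_item_fixed(&head, 3) != NULL) rc |= 2;
    if (find_item_scoped(&head, 1) != &a)  rc |= 4;
    if (find_item_scoped(&head, 3) != NULL) rc |= 8;
    if (find_item_buggy(&head, 2) != &b)   rc |= 16;
    if (!buggy_returns_head_as_item(&head)) rc |= 32;
    return rc;
}

int main(void)
{
    int rc = run_demo();
    printf("demo result: %d (0 means all expectations held)\n", rc);
    return rc;
}
```

The buggy lookup works as long as the element exists, which is why such sites survive review: the bad pointer only appears on the miss path, and it is the kind of pointer that speculative execution can dereference before the architectural check catches it. The separate result variable is the pattern the kernel fix-ups apply; the scoped macro shows why newer C makes the whole class of mistake unrepresentable.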
It is also worth mentioning that the possibility of using the C17 standard was considered, but that would require raising the minimum supported GCC version, whereas C11 support fits within the current minimum GCC requirement (5.1).
Finally, if you are interested in knowing more about it, you can check the details at the following link