linux/drivers/char/ipmi
Gustavo A. R. Silva a7102c7461 ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
channel and addr->channel are indirectly controlled by user-space,
hence leading to a potential exploitation of the Spectre variant 1
vulnerability.

These issues were detected with the help of Smatch:

drivers/char/ipmi/ipmi_msghandler.c:1381 ipmi_set_my_address() warn: potential spectre issue 'user->intf->addrinfo' [w] (local cap)
drivers/char/ipmi/ipmi_msghandler.c:1401 ipmi_get_my_address() warn: potential spectre issue 'user->intf->addrinfo' [r] (local cap)
drivers/char/ipmi/ipmi_msghandler.c:1421 ipmi_set_my_LUN() warn: potential spectre issue 'user->intf->addrinfo' [w] (local cap)
drivers/char/ipmi/ipmi_msghandler.c:1441 ipmi_get_my_LUN() warn: potential spectre issue 'user->intf->addrinfo' [r] (local cap)
drivers/char/ipmi/ipmi_msghandler.c:2260 check_addr() warn: potential spectre issue 'intf->addrinfo' [r] (local cap)

Fix this by sanitizing channel and addr->channel before using them to
index user->intf->addrinfo and intf->addrinfo, correspondingly.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2019-01-23 10:44:23 -06:00
bt-bmc.c ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_bt_sm.c ipmi: Convert pr_xxx() to dev_xxx() in the BT code 2018-09-18 16:15:33 -05:00
ipmi_devintf.c ipmi: Convert printk(KERN_<level> to pr_<level>( 2018-09-18 16:15:33 -05:00
ipmi_dmi.c ipmi: Remove platform driver overrides and use the id_table 2018-09-18 16:15:33 -05:00
ipmi_dmi.h ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_kcs_sm.c ipmi: Convert printk(KERN_<level> to pr_<level>( 2018-09-18 16:15:33 -05:00
ipmi_msghandler.c ipmi: msghandler: Fix potential Spectre v1 vulnerabilities 2019-01-23 10:44:23 -06:00
ipmi_powernv.c ipmi:powernv: Convert ipmi_smi_t to struct ipmi_smi 2018-09-18 16:15:33 -05:00
ipmi_poweroff.c ipmi: Use more common logging styles 2018-09-18 16:15:33 -05:00
ipmi_si_hardcode.c ipmi: Use more common logging styles 2018-09-18 16:15:33 -05:00
ipmi_si_hotmod.c ipmi: Use more common logging styles 2018-09-18 16:15:33 -05:00
ipmi_si_intf.c drivers/ipmi: Replace synchronize_sched() with synchronize_rcu() 2018-11-27 09:21:36 -08:00
ipmi_si_mem_io.c ipmi_si: fix potential integer overflow on large shift 2018-09-18 16:15:33 -05:00
ipmi_si_parisc.c ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_si_pci.c ipmi_si_pci: fix NULL device in ipmi_si error message 2018-09-18 16:15:33 -05:00
ipmi_si_platform.c ipmi: Remove platform driver overrides and use the id_table 2018-09-18 16:15:33 -05:00
ipmi_si_port_io.c ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_si_sm.h ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_si.h ipmi: Add or fix SPDX-License-Identifier in all files 2018-02-27 07:42:51 -06:00
ipmi_smic_sm.c ipmi: Convert printk(KERN_<level> to pr_<level>( 2018-09-18 16:15:33 -05:00
ipmi_ssif.c ipmi:ssif: Fix handling of multi-part return messages 2019-01-23 10:44:23 -06:00
ipmi_watchdog.c ipmi: Use more common logging styles 2018-09-18 16:15:33 -05:00
Kconfig ipmi: Remove the proc interface 2018-05-09 12:21:46 -05:00
kcs_bmc_aspeed.c ipmi: kcs_bmc: coding-style fixes and use new poll type 2018-02-26 09:49:21 -06:00
kcs_bmc_npcm7xx.c ipmi: NPCM7xx KCS BMC: enable interrupt to the host 2018-05-23 08:29:23 -05:00
kcs_bmc.c ipmi: kcs_bmc: don't change device name 2018-08-30 14:55:18 -05:00
kcs_bmc.h ipmi: kcs_bmc: coding-style fixes and use new poll type 2018-02-26 09:49:21 -06:00
Makefile ipmi: add an NPCM7xx KCS BMC driver 2018-04-18 10:23:12 -05:00