linux/drivers/misc/sgi-gru
Gustavo A. R. Silva fee05f455c drivers/misc/sgi-gru: fix Spectre v1 vulnerability
req.gid can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

vers/misc/sgi-gru/grukdump.c:200 gru_dump_chiplet_request() warn:
potential spectre issue 'gru_base' [w]

Fix this by sanitizing req.gid before calling macro GID_TO_GRU, which
uses it to index gru_base.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-11 09:13:19 -08:00
..
gru_instructions.h
gru.h
grufault.c mm: convert generic code to 5-level paging 2017-03-09 11:48:47 -08:00
grufile.c x86/UV: Fix conditional in gru_exit() 2014-04-01 12:10:45 +02:00
gruhandles.c misc: sgi-gru: gruhandles.c: Remove unused function 2015-10-04 12:55:59 +01:00
gruhandles.h misc: sgi-gru: gruhandles.c: Remove unused function 2015-10-04 12:55:59 +01:00
grukdump.c drivers/misc/sgi-gru: fix Spectre v1 vulnerability 2018-11-11 09:13:19 -08:00
grukservices.c misc: sgi-gru: fix fall-through annotations 2018-09-20 15:13:52 +02:00
grukservices.h
grulib.h
grumain.c misc: sgi-gru: Change return type to vm_fault_t 2018-05-14 16:25:52 +02:00
gruprocfs.c sgi-gru: simplify procfs code 2018-05-16 07:24:30 +02:00
grutables.h misc: sgi-gru: Change return type to vm_fault_t 2018-05-14 16:25:52 +02:00
grutlbpurge.c Revert "mm, mmu_notifier: annotate mmu notifiers with blockable invalidate callbacks" 2018-10-26 16:25:19 -07:00
Makefile