[PATCH AUTOSEL 4.4 11/14] IB/core: Add mitigation for Spectre V1

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Luck, Tony" <tony.luck@intel.com>,
	Doug Ledford <dledford@redhat.com>,
	Sasha Levin <sashal@kernel.org>,
	linux-rdma@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 11/14] IB/core: Add mitigation for Spectre V1
Date: Tue,  6 Aug 2019 17:37:45 -0400	[thread overview]
Message-ID: <20190806213749.20689-11-sashal@kernel.org> (raw)
In-Reply-To: <20190806213749.20689-1-sashal@kernel.org>

From: "Luck, Tony" <tony.luck@intel.com>

[ Upstream commit 61f259821dd3306e49b7d42a3f90fb5a4ff3351b ]

Some processors may mispredict an array bounds check and
speculatively access memory that they should not. With
a user supplied array index we like to play things safe
by masking the value with the array size before it is
used as an index.

Signed-off-by: Tony Luck <tony.luck@intel.com>
Link: https://lore.kernel.org/r/20190731043957.GA1600@agluck-desk2.amr.corp.intel.com
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/core/user_mad.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/core/user_mad.c b/drivers/infiniband/core/user_mad.c
index 57f281f8d6862..e9e75f40714cb 100644
--- a/drivers/infiniband/core/user_mad.c
+++ b/drivers/infiniband/core/user_mad.c
@@ -49,6 +49,7 @@
 #include <linux/sched.h>
 #include <linux/semaphore.h>
 #include <linux/slab.h>
+#include <linux/nospec.h>
 
 #include <asm/uaccess.h>
 
@@ -842,11 +843,14 @@ static int ib_umad_unreg_agent(struct ib_umad_file *file, u32 __user *arg)
 
 	if (get_user(id, arg))
 		return -EFAULT;
+	if (id >= IB_UMAD_MAX_AGENTS)
+		return -EINVAL;
 
 	mutex_lock(&file->port->file_mutex);
 	mutex_lock(&file->mutex);
 
-	if (id >= IB_UMAD_MAX_AGENTS || !__get_agent(file, id)) {
+	id = array_index_nospec(id, IB_UMAD_MAX_AGENTS);
+	if (!__get_agent(file, id)) {
 		ret = -EINVAL;
 		goto out;
 	}
-- 
2.20.1

next prev parent reply	other threads:[~2019-08-06 21:38 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-06 21:37 [PATCH AUTOSEL 4.4 01/14] xtensa: fix build for cores with coprocessors Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 02/14] xen/pciback: remove set but not used variable 'old_state' Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 03/14] irqchip/irq-imx-gpcv2: Forward irq type to parent Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 04/14] perf header: Fix divide by zero error if f_header.attr_size==0 Sasha Levin
2019-08-19 12:07   ` Jack Wang
2019-08-19 14:15     ` Jiri Olsa
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 05/14] perf header: Fix use of unitialized value warning Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 06/14] libata: zpodd: Fix small read overflow in zpodd_get_mech_type() Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 07/14] scsi: hpsa: correct scsi command status issue after reset Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 08/14] exit: make setting exit_state consistent Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 09/14] ata: libahci: do not complain in case of deferred probe Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 10/14] kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules Sasha Levin
2019-08-06 21:37 ` Sasha Levin [this message]
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 12/14] ocfs2: remove set but not used variable 'last_hash' Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 13/14] coredump: split pipe command whitespace before expanding template Sasha Levin
2019-08-06 21:37 ` [PATCH AUTOSEL 4.4 14/14] asm-generic: fix -Wtype-limits compiler warnings Sasha Levin
2019-08-19 16:53 ` [PATCH AUTOSEL 4.4 01/14] xtensa: fix build for cores with coprocessors Ben Hutchings
2019-08-19 17:06   ` Max Filippov

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:57f281f8d686 dfblob:e9e75f40714c )
 OR (
bs:"[PATCH AUTOSEL 4.4 11/14] IB/core: Add mitigation for Spectre V1" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190806213749.20689-11-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=dledford@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-rdma@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=tony.luck@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.