* [PATCH 0/1] cdrom: spectre-v1 patch for 6.5
@ 2023-06-17 11:38 Phillip Potter
2023-06-17 11:38 ` [PATCH 1/1] cdrom: Fix spectre-v1 gadget Phillip Potter
2023-06-22 13:48 ` [PATCH 0/1] cdrom: spectre-v1 patch for 6.5 Jens Axboe
0 siblings, 2 replies; 3+ messages in thread
From: Phillip Potter @ 2023-06-17 11:38 UTC (permalink / raw)
To: axboe; +Cc: linux-block
Hi Jens,
Please apply the following patch from Jordy Zomer, which introduces a
spectre-v1 mitigation within the CDROM_MEDIA_CHANGED ioctl handler of
drivers/cdrom/cdrom.c, to your for-6.5/block branch.
Many thanks in advance.
Regards,
Phil
Jordy Zomer (1):
cdrom: Fix spectre-v1 gadget
drivers/cdrom/cdrom.c | 4 ++++
1 file changed, 4 insertions(+)
--
2.40.1
* [PATCH 1/1] cdrom: Fix spectre-v1 gadget
From: Phillip Potter @ 2023-06-17 11:38 UTC (permalink / raw)
To: axboe; +Cc: linux-block
From: Jordy Zomer <jordyzomer@google.com>
This patch fixes a spectre-v1 gadget in cdrom.
The gadget could be triggered by speculatively
bypassing the cdi->capacity check.
Signed-off-by: Jordy Zomer <jordyzomer@google.com>
Link: https://lore.kernel.org/all/20230612110040.849318-2-jordyzomer@google.com
Reviewed-by: Phillip Potter <phil@philpotter.co.uk>
Link: https://lore.kernel.org/all/ZI1+1OG9Ut1MqsUC@equinox
Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
---
drivers/cdrom/cdrom.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 416f723a2dbb..ecf2b458c108 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -264,6 +264,7 @@
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/mm.h>
+#include <linux/nospec.h>
#include <linux/slab.h>
#include <linux/cdrom.h>
#include <linux/sysctl.h>
@@ -2329,6 +2330,9 @@ static int cdrom_ioctl_media_changed(struct cdrom_device_info *cdi,
if (arg >= cdi->capacity)
return -EINVAL;
+ /* Prevent arg from speculatively bypassing the length check */
+ barrier_nospec();
+
info = kmalloc(sizeof(*info), GFP_KERNEL);
if (!info)
return -ENOMEM;
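Review bot: the comment added above barrier_nospec() says what is being prevented but not which later use of arg is the dependent access, and the commit message does not name it either, so a reader cannot tell from this change what the barrier protects. Suggest naming the access indexed by arg in the comment or the commit message. The test is `arg >= cdi->capacity`, so "capacity check" would match the code better than "length check". If arg is only used as an array index afterwards, array_index_nospec() from the newly included <linux/nospec.h> would clamp the value at the point of use rather than placing a full speculation barrier on every call; the commit message should say why the barrier was chosen.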
--
2.40.1
* Re: [PATCH 0/1] cdrom: spectre-v1 patch for 6.5
From: Jens Axboe @ 2023-06-22 13:48 UTC (permalink / raw)
To: Phillip Potter; +Cc: linux-block
On Sat, 17 Jun 2023 12:38:27 +0100, Phillip Potter wrote:
> Please apply the following patch from Jordy Zomer, which introduces a
> spectre-v1 mitigation within the CDROM_MEDIA_CHANGED ioctl handler of
> drivers/cdrom/cdrom.c, to your for-6.5/block branch.
>
> Many thanks in advance.
>
> Regards,
> Phil
>
> [...]
Applied, thanks!
[1/1] cdrom: Fix spectre-v1 gadget
commit: 8270cb10c0681d52fce508f827dfa1688d3acc3a
Best regards,
--
Jens Axboe