From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E8A95382294 for ; Fri, 24 Apr 2026 09:35:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777023338; cv=none; b=bEfC3njrlqx/jyb1VHRZOpBIGHsIlrXGBkfRTP1IQZqJwa8rYWXZtQd5kNudzh97U4fr01t4dKdOtnQ5KvrzsMsB951DX76rcs06yejcjL9Ung7pW8LV/lfDlZr4/HFePmVByQJYXEN26Way1WYSqY78C6wbHafT83HPQJDnZkY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777023338; c=relaxed/simple; bh=1k0bsJMewaDwgclciwxxFicnf40q6Qiows39SZI/O54=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=PDq075xelJDiXiWOWlXDiAnRYucBPw3/3lrXyJL8qRd3fdz0oo8mVe93vz/1U/trTA2lf6G/8keU3bO+io7nuwJb0++QxFa8oCSFQg/puyJlAXuwNUoWcW96GL7EIKvCOBhL2cAJ+QEEd7WGbYrW85aZBamoNL4TWm6mhWFKjBw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=Pba+cvKd; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="Pba+cvKd" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 45E1AC19425; Fri, 24 Apr 2026 09:35:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1777023337; bh=1k0bsJMewaDwgclciwxxFicnf40q6Qiows39SZI/O54=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Pba+cvKdhjrB6YC2EtpzVvRNWS/XXbSTIa7+dAUUZkIpEVbUznj8XSkdDjuBANOtD 8Bl1DI5t0+oevDjNxzSR3mz+3HJ2yX/3ImZt4ymLU/yKzfCUeWfOx8g9Ao4Pl81ASw R0a5C7ac9cNtseIgEU+Q+7/PMXW0voQ3ZnYyZIDk= Date: Fri, 24 Apr 2026 11:35:35 +0200 From: Greg KH To: Hongling Zeng Cc: dpenkler@gmail.com, jkoolstra@xs4all.nl, lukeyang.dev@gmail.com, viro@zeniv.linux.org.uk, kees@kernel.org, harshit.m.mogalapalli@oracle.com, colin.i.king@gmail.com, linux-kernel@vger.kernel.org, zhongling0719@126.com Subject: Re: [PATCH] gpib: fix spectre v1 vulnerabilities in descriptor handling Message-ID: <2026042403-deceit-clamor-62e0@gregkh> References: <20260424090012.13055-1-zenghongling@kylinos.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260424090012.13055-1-zenghongling@kylinos.cn> On Fri, Apr 24, 2026 at 05:00:12PM +0800, Hongling Zeng wrote: > Fix potential Spectre v1 vulnerabilities in the GPIB driver's > descriptor handling code. The issues occur when using user-controlled > handle values as array indices after bounds checking. > > Use array_index_nospec() to prevent speculative execution from > bypassing the bounds check, which could leak information via > side-channel attacks. > > Signed-off-by: Hongling Zeng > --- > drivers/gpib/common/gpib_os.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpib/common/gpib_os.c b/drivers/gpib/common/gpib_os.c > index 5909274ddc12..ff4019d51b51 100644 > --- a/drivers/gpib/common/gpib_os.c > +++ b/drivers/gpib/common/gpib_os.c > @@ -19,6 +19,7 @@ > #include > #include > #include > +#include > #include > #include > > @@ -1312,6 +1313,8 @@ static int close_dev_ioctl(struct file *filep, struct gpib_board *board, unsigne > > if (cmd.handle >= GPIB_MAX_NUM_DESCRIPTORS) > return -EINVAL; > + > + cmd.handle = array_index_nospec(cmd.handle, GPIB_MAX_NUM_DESCRIPTORS); > > mutex_lock(&file_priv->descriptors_mutex); > desc = file_priv->descriptors[cmd.handle]; > -- > 2.25.1 > What tool found this issue? And why did you not run scripts/checkpatch.pl on the patch to notice the error you added to the file with this change? :( thanks, greg k-h