From: Richard Cochran
Subject: Re: [PATCH] ptp: fix Spectre v1 vulnerability
Date: Tue, 16 Oct 2018 08:15:49 -0700
Message-ID: <20181016151549.4ynsmoubmp3ywcf6@localhost>
References: <20181016130641.GA603@embeddedor.com>
In-Reply-To: <20181016130641.GA603@embeddedor.com>
To: "Gustavo A. R. Silva"
Cc: "David S. Miller", netdev@vger.kernel.org, linux-kernel@vger.kernel.org

On Tue, Oct 16, 2018 at 03:06:41PM +0200, Gustavo A. R. Silva wrote:
> pin_index can be indirectly controlled by user-space, hence leading
> to a potential exploitation of the Spectre variant 1 vulnerability.
>
> This issue was detected with the help of Smatch:
>
> drivers/ptp/ptp_chardev.c:253 ptp_ioctl() warn: potential spectre issue
> 'ops->pin_config' [r] (local cap)
>
> Fix this by sanitizing pin_index before using it to index
> ops->pin_config, and before passing it as an argument to
> function ptp_set_pinfunc(), in which it is used to index
> info->pin_config.

Acked-by: Richard Cochran
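The sanitizing step the quoted commit message describes, as an added example that is not part of this thread or of the kernel patch: a user-space C model of the branch-free index clamp the kernel provides as array_index_nospec() in <linux/nospec.h>. The names pin_desc, sample_pins, sanitize_index and pin_lookup are hypothetical, and the code assumes GCC or Clang (inline asm barrier, arithmetic right shift of negative values).

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/* Hypothetical stand-in for a driver's pin table; values are constructed. */
struct pin_desc { unsigned int index; unsigned int func; };
static const struct pin_desc sample_pins[4] = { {0, 1}, {1, 0}, {2, 2}, {3, 0} };

/*
 * All ones when index < size, zero otherwise, computed without a branch, so
 * there is no prediction for the CPU to get wrong. Same arithmetic as the
 * kernel's generic array_index_mask_nospec(); requires size <= LONG_MAX.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Hide the value from the optimizer (the kernel's OPTIMIZER_HIDE_VAR),
     * otherwise a preceding bounds check lets it fold the mask to all ones. */
    __asm__ volatile("" : "+r"(index));
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp: in-range indexes pass through, out-of-range ones become 0. */
static unsigned long sanitize_index(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Hypothetical lookup: architectural bounds check, then clamp before use. */
static const struct pin_desc *pin_lookup(const struct pin_desc *pins,
                                         unsigned long n_pins, unsigned int pin_index)
{
    if (pin_index >= n_pins)
        return NULL;
    /* Even if the branch above is mispredicted, the index stays in bounds. */
    pin_index = (unsigned int)sanitize_index(pin_index, n_pins);
    return &pins[pin_index];
}

int main(void)
{
    unsigned int probes[] = { 0, 3, 4, UINT_MAX };   /* constructed inputs */
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("pin_index=%u -> clamped=%lu, %s\n", probes[i],
               sanitize_index(probes[i], 4),
               pin_lookup(sample_pins, 4, probes[i]) ? "accepted" : "rejected");
    return 0;
}
```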