From: Greg KH <gregkh@linuxfoundation.org>
To: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com>
Cc: dri-devel@lists.freedesktop.org, jeff.hugo@oss.qualcomm.com,
lizhi.hou@amd.com, stable@vger.kernel.org
Subject: Re: [PATCH] accel/ivpu: Fix potential Spectre issue in debugfs
Date: Fri, 8 Aug 2025 16:12:20 +0100 [thread overview]
Message-ID: <2025080810-putt-ungraded-d49c@gregkh> (raw)
In-Reply-To: <20250808111120.329022-1-jacek.lawrynowicz@linux.intel.com>
On Fri, Aug 08, 2025 at 01:11:20PM +0200, Jacek Lawrynowicz wrote:
> Fix potential Spectre vulnerability in repoted by smatch:
> warn: potential spectre issue 'vdev->hw->hws.grace_period' [w] (local cap)
> warn: potential spectre issue 'vdev->hw->hws.process_grace_period' [w] (local cap)
> warn: potential spectre issue 'vdev->hw->hws.process_quantum' [w] (local cap)
>
> The priority_bands_fops_write() function in ivpu_debugfs.c uses an
> index 'band' derived from user input. This index is used to write to
> the vdev->hw->hws.grace_period, vdev->hw->hws.process_grace_period,
> and vdev->hw->hws.process_quantum arrays.
>
> This pattern presented a potential Spectre Variant 1 (Bounds Check
> Bypass) vulnerability. An attacker-controlled 'band' value could
> theoretically lead to speculative out-of-bounds array writes if the
> CPU speculatively executed these assignments before the bounds check
> on 'band' was fully resolved.
You do know that debugfs access is restricted to root access only, so
spectre issues are the least of your worries if you have root :)
That being said, no real objection from me for this, but there's
probably a metric-ton of these in other debugfs files if you want to
start whacking away at them...
thanks,
greg k-h
prev parent reply other threads:[~2025-08-08 15:12 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-08 11:11 [PATCH] accel/ivpu: Fix potential Spectre issue in debugfs Jacek Lawrynowicz
2025-08-08 15:12 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025080810-putt-ungraded-d49c@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=jacek.lawrynowicz@linux.intel.com \
--cc=jeff.hugo@oss.qualcomm.com \
--cc=lizhi.hou@amd.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox