diff options
author | Zhen Chen <chenzhen@rock-chips.com> | 2019-04-01 16:41:07 +0800 |
---|---|---|
committer | Guochun Huang <hero.huang@rock-chips.com> | 2019-04-12 15:26:40 +0800 |
commit | 1d7e0109221e4676f2a75f294531ce3f7bab8fbb (patch) | |
tree | 584240bc026855f8e19833791ba20df6c267e6c3 /crypto/pcbc.c | |
parent | 81624807282fdb6a2e8cea1a83060ec6b5391eed (diff) |
Mali: midgard: fix Spectre v1 vulnerability
user_atom.atom_number can be indirectly controlled by user-space,
hence leading to a potential exploitation
of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
drivers/gpu/arm/midgard/mali_kbase_jd.c:1397 kbase_jd_submit() warn:
potential spectre issue 'jctx->atoms' [r]
katom = &jctx->atoms[user_atom.atom_number];
Fix this by sanitizing user_atom.atom_number
before 'katom = &jctx->atoms[user_atom.atom_number];'.
Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
Fixes: 5cf27d0b6090 ("Mali: midgard: changes to enlarge BASE_JD_ATOM_COUNT to 512, for defect 184210")
Change-Id: If52f30d29a80a06c6693ddadd5947ab9fe8fbc25
Signed-off-by: Zhen Chen <chenzhen@rock-chips.com>
Diffstat (limited to 'crypto/pcbc.c')
0 files changed, 0 insertions, 0 deletions