| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Jun 2023 20:10:24 +0100
From: Phillip Potter <phil@...lpotter.co.uk>
To: Jordy Zomer <jordyzomer@...gle.com>
Cc: linux-kernel@...r.kernel.org, jordyzomer@...gle.com,
pawan.kumar.gupta@...ux.intel.com, linux-block@...r.kernel.org
Subject: Re: [PATCH 1/1] cdrom: Fix spectre-v1 gadget
On Fri, Jun 09, 2023 at 01:13:55PM +0000, Jordy Zomer wrote:
> This patch fixes a spectre-v1 gadget in cdrom.
> The gadget could be triggered by,
> speculatviely bypassing the cdi->capacity check.
>
> Signed-off-by: Jordy Zomer <jordyzomer@...gle.com>
> ---
> drivers/cdrom/cdrom.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
> index 416f723a2dbb..3c349bc0a269 100644
> --- a/drivers/cdrom/cdrom.c
> +++ b/drivers/cdrom/cdrom.c
> @@ -233,6 +233,7 @@
>
> -------------------------------------------------------------------------*/
>
> +#include "asm/barrier.h"
> #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>
> #define REVISION "Revision: 3.20"
> @@ -2329,6 +2330,8 @@ static int cdrom_ioctl_media_changed(struct cdrom_device_info *cdi,
> if (arg >= cdi->capacity)
> return -EINVAL;
>
> + arg = array_index_mask_nospec(arg, cdi->capacity);
> +
> info = kmalloc(sizeof(*info), GFP_KERNEL);
> if (!info)
> return -ENOMEM;
> --
> 2.41.0.162.gfafddb0af9-goog
>
Hi Jordy,
Thanks for the patch, much appreciated. Sadly, as Pawan has already
pointed out, array_index_mask_nospec actually changes the behaviour of
this function, such that 'arg' would no longer be an array index.
In addition, it seems to have triggered the kernel test robot with an
alpha build error.
Regards,
Phil
Powered by blists - more mailing lists