| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230612110040.849318-2-jordyzomer@google.com> Date: Mon, 12 Jun 2023 11:00:40 +0000 From: Jordy Zomer <jordyzomer@...gle.com> To: linux-kernel@...r.kernel.org Cc: phil@...lpotter.co.uk, Jordy Zomer <jordyzomer@...gle.com> Subject: [PATCH v2 1/1] cdrom: Fix spectre-v1 gadget This patch fixes a spectre-v1 gadget in cdrom. The gadget could be triggered by, speculatviely bypassing the cdi->capacity check. Signed-off-by: Jordy Zomer <jordyzomer@...gle.com> --- drivers/cdrom/cdrom.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index 416f723a2dbb..ecf2b458c108 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -264,6 +264,7 @@ #include <linux/errno.h> #include <linux/kernel.h> #include <linux/mm.h> +#include <linux/nospec.h> #include <linux/slab.h> #include <linux/cdrom.h> #include <linux/sysctl.h> @@ -2329,6 +2330,9 @@ static int cdrom_ioctl_media_changed(struct cdrom_device_info *cdi, if (arg >= cdi->capacity) return -EINVAL; + /* Prevent arg from speculatively bypassing the length check */ + barrier_nospec(); + info = kmalloc(sizeof(*info), GFP_KERNEL); if (!info) return -ENOMEM; -- 2.41.0.162.gfafddb0af9-goog
Powered by blists - more mailing lists