| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 17 Jun 2023 10:37:24 +0100 From: Phillip Potter <phil@...lpotter.co.uk> To: Jordy Zomer <jordyzomer@...gle.com> Cc: linux-kernel@...r.kernel.org, linux-block@...r.kernel.org Subject: Re: [PATCH v2 1/1] cdrom: Fix spectre-v1 gadget On Mon, Jun 12, 2023 at 11:00:40AM +0000, Jordy Zomer wrote: > This patch fixes a spectre-v1 gadget in cdrom. > The gadget could be triggered by, > speculatviely bypassing the cdi->capacity check. > > Signed-off-by: Jordy Zomer <jordyzomer@...gle.com> > --- > drivers/cdrom/cdrom.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c > index 416f723a2dbb..ecf2b458c108 100644 > --- a/drivers/cdrom/cdrom.c > +++ b/drivers/cdrom/cdrom.c > @@ -264,6 +264,7 @@ > #include <linux/errno.h> > #include <linux/kernel.h> > #include <linux/mm.h> > +#include <linux/nospec.h> > #include <linux/slab.h> > #include <linux/cdrom.h> > #include <linux/sysctl.h> > @@ -2329,6 +2330,9 @@ static int cdrom_ioctl_media_changed(struct cdrom_device_info *cdi, > if (arg >= cdi->capacity) > return -EINVAL; > > + /* Prevent arg from speculatively bypassing the length check */ > + barrier_nospec(); > + > info = kmalloc(sizeof(*info), GFP_KERNEL); > if (!info) > return -ENOMEM; > -- > 2.41.0.162.gfafddb0af9-goog > Hi Jordy, Looks good to me, Reviewed-by: Phillip Potter <phil@...lpotter.co.uk> I will forward on for inclusion. Regards, Phil
Powered by blists - more mailing lists