git.baikalelectronics.ru Git - kernel.git/commit

author	Gustavo A. R. Silva <gustavo@embeddedor.com>
	Fri, 3 Aug 2018 03:40:19 +0000 (22:40 -0500)
committer	Zhenyu Wang <zhenyuw@linux.intel.com>
	Tue, 14 Aug 2018 07:26:49 +0000 (15:26 +0800)
commit	499add4f9afe4456b7a3cea55f87af2d998b7c66
tree	8d187c054a300041da5f450f4c37dbfe4fcde471	tree \| snapshot
parent	57ba3bd0633285c991328495eff3d16e1eafd9ca	commit \| diff

drm/i915/kvmgt: Fix potential Spectre v1

info.index can be indirectly controlled by user-space, hence leading
to a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/gpu/drm/i915/gvt/kvmgt.c:1232 intel_vgpu_ioctl() warn:
potential spectre issue 'vgpu->vdev.region' [r]

Fix this by sanitizing info.index before indirectly using it to index
vgpu->vdev.region

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>