git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Gustavo A. R. Silva <gustavo@embeddedor.com>
	Mon, 23 Jul 2018 16:32:32 +0000 (11:32 -0500)
committer	Stefan Bader <stefan.bader@canonical.com>
	Wed, 24 Apr 2019 08:09:07 +0000 (10:09 +0200)
commit	d66e9a0b0e882d891fe51cc6c03382421f808ff4
tree	5ab73846af79fd14d660b7601a3854a86a6bfb0e	tree
parent	1ce9332c6cc7a62bae28b63d2e136ed91bcd0b5b	commit \| diff

drm/amdgpu/pm: Fix potential Spectre v1

idx can be indirectly controlled by user-space, hence leading to a
potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c:408 amdgpu_set_pp_force_state()
warn: potential spectre issue 'data.states'

Fix this by sanitizing idx before using it to index data.states

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
CVE-2017-5753

(backported from commit ddf74e79a54070f277ae520722d3bab7f7a6c67a)
[juergh: Adjusted context.]
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>