git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
author John Garry <john.garry@huawei.com>
Fri, 8 Jun 2018 10:26:33 +0000 (18:26 +0800)
committer Stefan Bader <stefan.bader@canonical.com>
Wed, 24 Apr 2019 08:09:06 +0000 (10:09 +0200)
commit dec6104e8322b323ff6f6f46947befd7ae400a53
tree 0a1912601c5d4b37acf28938d8e34d67c1d3f720
parent 346e17304d7c96775ff5e1d2161a9927381acc05
libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()

Currently smatch warns of possible Spectre-V1 issue in ahci_led_store():
drivers/ata/libahci.c:1150 ahci_led_store() warn: potential spectre issue 'pp->em_priv' (local cap)

Userspace controls @pmp from following callchain:
em_message->store()
->ata_scsi_em_message_store()
-->ap->ops->em_store()
--->ahci_led_store()

After the mask+shift @pmp is effectively an 8b value, which is used to
index into an array of length 8, so sanitize the array index.

Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
CVE-2017-5753

(cherry picked from commit fae2a63737e5973f1426bc139935a0f42e232844)
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
drivers/ata/libahci.c
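
A userspace model of the index sanitization the commit message describes, added here as an example; it is not the kernel's code or part of this commit. The field mask, shift, function names and slot values are assumptions constructed for illustration; only the array length of 8 comes from the message.

```c
#include <stdio.h>

#define SLOT_COUNT      8UL          /* array length stated in the commit message */
#define PMP_FIELD_MASK  0x0000ff00UL /* assumed position of the 8-bit pmp field */
#define PMP_FIELD_SHIFT 8            /* assumed shift */

/* Constructed sample data standing in for the per-slot array. */
static const int demo_slots[SLOT_COUNT] = {10, 11, 12, 13, 14, 15, 16, 17};

/* All-ones when index < size, zero otherwise, computed without a branch so
 * there is nothing for the CPU to mispredict. Relies on arithmetic right
 * shift of a negative long, which gcc and clang provide. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * 8 - 1));
}

/* In-range indexes pass through unchanged; out-of-range ones collapse to 0,
 * so even a speculated load stays inside the array. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Model of the store path: mask+shift, architectural bounds check, then
 * clamp the index before it is used. Returns the slot value or -1. */
static int led_slot_lookup(const int *slots, unsigned long state)
{
    unsigned long pmp = (state & PMP_FIELD_MASK) >> PMP_FIELD_SHIFT;

    if (pmp >= SLOT_COUNT)
        return -1;                        /* the branch that can be mispredicted */
    pmp = index_nospec(pmp, SLOT_COUNT);  /* data dependency, not a branch */
    return slots[pmp];
}

int main(void)
{
    printf("pmp=3   -> %d\n", led_slot_lookup(demo_slots, 0x0300UL));
    printf("pmp=255 -> %d\n", led_slot_lookup(demo_slots, 0xff00UL));
    printf("clamp(255, 8) = %lu\n", index_nospec(255UL, SLOT_COUNT));
    return 0;
}
```

This model omits the compiler barrier a kernel build uses to keep the optimizer from folding the mask back into the preceding bounds check, so it shows the arithmetic only.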