Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 76b61ead8f4d913cc0493db624f3ac3ca8986a71
commit76b61ead8f4d913cc0493db624f3ac3ca8986a71[log] [tgz]
authorGustavo A. R. Silva <gustavo@embeddedor.com>Wed Aug 15 10:50:41 2018 -0500
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Wed Sep 26 08:36:35 2018 +0200
treec95b43907dac58a1557abbf554d324f5bfa749ef
parent2516ead0aaf8145c155ff7d19c32038b8de099d8 [diff]
misc: hmc6352: fix potential Spectre v1

commit de916736aaaadddbd6061472969f667b14204aa9 upstream.

val is indirectly controlled by user-space, hence leading to a
potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/misc/hmc6352.c:54 compass_store() warn: potential spectre issue
'map' [r]

Fix this by sanitizing val before using it to index map

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: c95b43907dac58a1557abbf554d324f5bfa749ef
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS