summaryrefslogtreecommitdiffstats
path: root/fs/xfs/xfs_refcount_item.h
diff options
context:
space:
mode:
authorBreno Leitao <leitao@debian.org>2019-01-30 10:46:00 -0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-04-05 22:34:42 +0200
commitc730d6c156c61ec425b3771c5d70a63fb3a75e32 (patch)
tree6a99a35ceb648c03eb651eaa10f89edc170ef5e4 /fs/xfs/xfs_refcount_item.h
parent8e74000fd6563fe882c9a7780bc4f6a989c7affe (diff)
downloadtalos-obmc-linux-c730d6c156c61ec425b3771c5d70a63fb3a75e32.tar.gz
talos-obmc-linux-c730d6c156c61ec425b3771c5d70a63fb3a75e32.zip
powerpc/ptrace: Mitigate potential Spectre v1
[ Upstream commit ebb0e13ead2ddc186a80b1b0235deeefc5a1a667 ] 'regno' is directly controlled by user space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. On PTRACE_SETREGS and PTRACE_GETREGS requests, user space passes the register number that would be read or written. This register number is called 'regno' which is part of the 'addr' syscall parameter. This 'regno' value is checked against the maximum pt_regs structure size, and then used to dereference it, which matches the initial part of a Spectre v1 (and Spectre v1.1) attack. The dereferenced value, then, is returned to userspace in the GETREGS case. This patch sanitizes 'regno' before using it to dereference pt_reg. Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Signed-off-by: Breno Leitao <leitao@debian.org> Acked-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs/xfs/xfs_refcount_item.h')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud