projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aad3fdc) | patch
libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
authorJohn Garry <john.garry@huawei.com>
Fri, 8 Jun 2018 10:26:33 +0000 (18:26 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 24 Aug 2018 11:12:28 +0000 (13:12 +0200)
commit5600d61e7d9521f69bf500744cd6e72dd96d37ba
treecd0c091f9711cfde44bb03361141babe255e88adtree | snapshot (tar.gz zip)
parentaad3fdc0468b20cca5ee5949af95035e63b3dfeecommit | diff
libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()

[ Upstream commit fae2a63737e5973f1426bc139935a0f42e232844 ]

Currently smatch warns of possible Spectre-V1 issue in ahci_led_store():
drivers/ata/libahci.c:1150 ahci_led_store() warn: potential spectre issue 'pp->em_priv' (local cap)

Userspace controls @pmp from following callchain:
em_message->store()
->ata_scsi_em_message_store()
-->ap->ops->em_store()
--->ahci_led_store()

After the mask+shift @pmp is effectively an 8b value, which is used to
index into an array of length 8, so sanitize the array index.

Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/ata/libahci.c diff | blob | blame | history