From: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
On Thu, 23 May 2024 08:53:32 +0000, Hagar Hemdan wrote:
> Userspace may trigger a speculative read of an address outside the gpio
> descriptor array.
> Users can do that by calling gpio_ioctl() with an offset out of range.
> Offset is copied from user and then used as an array index to get
> the gpio descriptor without sanitization in gpio_device_get_desc().
>
> This change ensures that the offset is sanitized by using
> array_index_nospec() to mitigate any possibility of speculative
> information leaks.
>
> [...]
Applied, thanks!
[1/1] gpio: prevent potential speculation leaks in gpio_device_get_desc()
commit: d795848ecce24a75dfd46481aee066ae6fe39775
Best regards,
--
Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
Re: [PATCH v4] gpio: prevent potential speculation leaks in gpio_device_get_desc()
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH v4] gpio: prevent potential speculation leaks in gpio_device_get_desc()
- From: Bartosz Golaszewski <brgl@xxxxxxxx>
- Date: Mon, 27 May 2024 16:51:51 +0200
- In-reply-to: <20240523085332.1801-1-hagarhem@amazon.com>
- References: <20240523085332.1801-1-hagarhem@amazon.com>
- References:
- Prev by Date: Re: [PATCH v1 1/1] gpio: Remove legacy API documentation
- Next by Date: Re: [PATCH] docs: gpio: prefer pread(2) for interrupt reading
- Previous by thread: [PATCH v4] gpio: prevent potential speculation leaks in gpio_device_get_desc()
- Next by thread: [PATCH 0/2] Bugfix in the error handling of gp_aux_bus_probe()
- Index(es):
 |