On Thu, May 17, 2018 at 03:16:28PM -0500, Gustavo A. R. Silva wrote: > pdev_nr and rhport can be controlled by user-space, hence leading to > a potential exploitation of the Spectre variant 1 vulnerability. > > This issue was detected with the help of Smatch: > drivers/usb/usbip/vhci_sysfs.c:238 detach_store() warn: potential spectre issue 'vhcis' > drivers/usb/usbip/vhci_sysfs.c:328 attach_store() warn: potential spectre issue 'vhcis' > drivers/usb/usbip/vhci_sysfs.c:338 attach_store() warn: potential spectre issue 'vhci->vhci_hcd_ss->vdev' > drivers/usb/usbip/vhci_sysfs.c:340 attach_store() warn: potential spectre issue 'vhci->vhci_hcd_hs->vdev' > > Fix this by sanitizing pdev_nr and rhport before using them to index > vhcis and vhci->vhci_hcd_ss->vdev respectively. > > Notice that given that speculation windows are large, the policy is > to kill the speculation on the first load and not worry if it can be > completed with a dependent load/store [1]. > > [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx> > --- > Changes in v2: > - Place the barriers into valid_port. Thanks for the change. I'll wait for Shuah's ack/review before queueing this up just as she knows that codebase much better than anyone else. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
