github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-14 10:03:05 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
4d5f99ec00
linux/drivers/infiniband/core
History
Gustavo A. R. Silva 17eb02cc26 IB/ucm: Fix Spectre v1 vulnerability 
commit 0295e39595 upstream.

hdr.cmd can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/infiniband/core/ucm.c:1127 ib_ucm_write() warn: potential
spectre issue 'ucm_cmd_table' [r] (local cap)

Fix this by sanitizing hdr.cmd before using it to index
ucm_cmd_table.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-10 07:41:42 -08:00
..
addr.c RDMA/ucma: Introduce safer rdma_addr_size() variants 2018-04-08 11:51:59 +02:00
agent.c IB: split struct ib_send_wr 2015-10-08 11:09:10 +01:00
agent.h
cache.c IB/cache: Add ib_find_gid_by_filter cache API 2015-10-21 23:48:17 -04:00
cm_msgs.h
cm.c IB/cm: Mark stale CM id's whenever the mad agent was unregistered 2016-11-26 09:54:54 +01:00
cma.c RDMA/cma: Protect cma dev list with lock 2018-09-26 08:35:07 +02:00
core_priv.h IB/core: Use GID table in AH creation and dmac resolution 2015-10-21 23:48:17 -04:00
device.c IB/core: Expose and rename ib_find_cached_gid_by_port cache API 2015-10-21 23:48:17 -04:00
fmr_pool.c
iwcm.c
iwcm.h
iwpm_msg.c RDMA/core: Fixes for port mapper client registration 2015-07-14 13:20:10 -04:00
iwpm_util.c RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() 2018-03-24 10:58:47 +01:00
iwpm_util.h RDMA/core: Fixes for port mapper client registration 2015-07-14 13:20:10 -04:00
mad_priv.h IB: split struct ib_send_wr 2015-10-08 11:09:10 +01:00
mad_rmpp.c
mad_rmpp.h
mad.c RDMA/mad: Convert BUG_ONs to error flows 2018-08-06 16:24:31 +02:00
Makefile RDMA/ucm: Mark UCM interface as BROKEN 2018-07-17 11:31:46 +02:00
multicast.c IB/multicast: Check ib_find_pkey() return value 2017-01-09 08:07:51 +01:00
netlink.c IB/core: Add rdma netlink helper functions 2015-08-30 18:12:25 -04:00
opa_smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
packer.c
roce_gid_mgmt.c IB/core: Fix use after free of ifa 2015-10-20 13:10:46 -04:00
sa_query.c IB/SA: Use correct free function 2016-08-20 18:09:25 +02:00
sa.h
smi.c IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
sysfs.c IB/core: Fix sysfs registration error flow 2017-05-20 14:27:00 +02:00
ucm.c IB/ucm: Fix Spectre v1 vulnerability 2018-11-10 07:41:42 -08:00
ucma.c RDMA/ucma: Fix Spectre v1 vulnerability 2018-11-10 07:41:42 -08:00
ud_header.c
umem_odp.c
umem_rbtree.c
umem.c IB/core: Make testing MR flags for writability a static inline function 2018-08-15 17:42:06 +02:00
user_mad.c IB/core: lock client data with lists_rwsem 2015-08-30 15:48:21 -04:00
uverbs_cmd.c infiniband/uverbs: Fix integer overflows 2018-03-24 10:58:43 +01:00
uverbs_main.c IB/uverbs: Fix leak of XRC target QPs 2016-11-26 09:54:54 +01:00
uverbs_marshall.c IB/core: Remove smac and vlan id from path record 2015-10-21 23:48:18 -04:00
uverbs.h IB/uverbs: Fix race between uverbs_close and remove_one 2016-09-24 10:07:37 +02:00
verbs.c IB core: Fix ib_sg_to_pages() 2015-12-07 17:20:12 -05:00