Received: by 10.223.185.116 with SMTP id b49csp2227423wrg;
        Thu, 15 Feb 2018 08:24:18 -0800 (PST)
X-Google-Smtp-Source: AH8x2256/psj/DwdbxW93EvIXnEdNbLvZucNByx8QJUcB5EF1GwekmYIO1ZI9u79yQ6iqUHyAEiw
X-Received: by 2002:a17:902:1e5:: with SMTP id b92-v6mr3013121plb.383.1518711858545;
        Thu, 15 Feb 2018 08:24:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518711858; cv=none;
        d=google.com; s=arc-20160816;
        b=zVhpOPDqF42gl0+NvCg2gfzRjDycUiKNnuO3w1iCrrYgSXxNOIWjKpFH0NVyBn5Wqf
         LiEbaJz+/nY1AxpSvo2B5t8ZT59PyHfW+tR1rVRoTKQqz31jyjhp1mVpOiVQx84/GTN3
         70GXWv4GHuMoyJNlkyMXoWs7Dd9PHWnxlYIbDMBGeXFpjkx1DdhWRppLf6fP85T9r2Qw
         hrRDfXwAk5uetOeKe7jr8DUuZAV0KRKPd2uAjBFVBsF+JM1fz6XUKypg8hG3gjj1Cz/j
         0Yuxm+taMksEHPRK5Bn2oGq9B00WafwDktA0IpbuTvR/DMPfANcCwfm0aPSeObhCaPZk
         wr5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date
         :arc-authentication-results;
        bh=XmN7b1vhhw6/i//srF1HbLL0kiiMGPlsDSDRKPOESoU=;
        b=IeKPYGlLUFQmskvthPkU3WV/JTWQrMQwlolTbPMJmn6BuuVGRZB5tyHEIsm5I4B30R
         tpEgCUYUU14/s6mjYLVmVGBiBkY06zlGtMaj5s6NCGCmT0ybVueRSW5rqcqZWiBTDGWo
         j+OkiTSqyTJcLGI1wk2cr5Bz/PZ/jpya1D0W3z5kOrKaUxD1TfnbB0iM2J3HAVxJPrf+
         jqGCs36sQg/JpYNVecNXft+TmizZSjUK3aMdQKXfl6IKXpeWz5bKqQF4CSeINIFr8jFU
         ylOR+PEEHuutaqMGFaC7ujONwKBFsCCbdz6rzpDgu0XQotemhyBA4N6liqYGlgGicRwg
         R8pA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k139si1661581pfd.12.2018.02.15.08.24.03;
        Thu, 15 Feb 2018 08:24:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1425763AbeBOQVx (ORCPT <rfc822;kkdevenda@gmail.com> + 99 others);
        Thu, 15 Feb 2018 11:21:53 -0500
Received: from Galois.linutronix.de ([146.0.238.70]:54653 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1425701AbeBOQVv (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 15 Feb 2018 11:21:51 -0500
Received: from p4fea5f09.dip0.t-ipconnect.de ([79.234.95.9] helo=nanos.glx-home)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tglx@linutronix.de>)
        id 1emMEw-0001uC-2y; Thu, 15 Feb 2018 17:18:30 +0100
Date:   Thu, 15 Feb 2018 17:21:55 +0100 (CET)
From:   Thomas Gleixner <tglx@linutronix.de>
To:     Dan Williams <dan.j.williams@intel.com>
cc:     Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
        LKML <linux-kernel@vger.kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Greg KH <gregkh@linuxfoundation.org>,
        Peter Zijlstra <peterz@infradead.org>
Subject: [PATCH V2] posix-timers: Protect posix clock array access against
 speculation
In-Reply-To: <alpine.DEB.2.21.1802151550330.1296@nanos.tec.linutronix.de>
Message-ID: <alpine.DEB.2.21.1802151718320.1296@nanos.tec.linutronix.de>
References: <alpine.DEB.2.21.1802151424490.1296@nanos.tec.linutronix.de> <45f8dece-e235-0831-4fe5-89ee7d27b959@prevas.dk> <CAPcyv4i-bULZp1WTUgUVtdEY5i_fTGkFWKBsVLDu6dsuxUwoug@mail.gmail.com> <alpine.DEB.2.21.1802151550330.1296@nanos.tec.linutronix.de>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The clockid argument of clockid_to_kclock() comes straight from user space
via various syscalls and is used as index into the posix_clocks array.

Protect it against spectre v1 array out of bounds speculation. Remove the
redundant check for !posix_clock[id] as this is another source for
speculation and does not provide any advantage over the return
posix_clock[id] path which returns NULL in that case anyway.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
---

V2: Remove the redundant !posix_clocks[id] check.

 kernel/time/posix-timers.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -50,6 +50,7 @@
 #include <linux/export.h>
 #include <linux/hashtable.h>
 #include <linux/compat.h>
+#include <linux/nospec.h>
 
 #include "timekeeping.h"
 #include "posix-timers.h"
@@ -1346,11 +1347,15 @@ static const struct k_clock * const posi
 
 static const struct k_clock *clockid_to_kclock(const clockid_t id)
 {
-	if (id < 0)
+	clockid_t idx = id;
+
+	if (id < 0) {
 		return (id & CLOCKFD_MASK) == CLOCKFD ?
 			&clock_posix_dynamic : &clock_posix_cpu;
+	}
 
-	if (id >= ARRAY_SIZE(posix_clocks) || !posix_clocks[id])
+	if (id >= ARRAY_SIZE(posix_clocks))
 		return NULL;
-	return posix_clocks[id];
+
+	return posix_clocks[array_index_nospec(idx, ARRAY_SIZE(posix_clocks))];
 }