Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp810521lqo;
        Fri, 17 May 2024 02:09:50 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWq4fuRCZGyFmlVexBwGY34D/8riuiyje1Iju6R11p+JHN+mEOEKGV9CEzw8NuDDpL016Er+T4TsMYQ4umJ/xR05i+b+OB42dgnxJHhng==
X-Google-Smtp-Source: AGHT+IFZRu/N+W/DFxRwJxu9ha0I+DtA0TXXAF8nQ45zTmRC6UcNt1SMfJZu3BBli3TvSJ6pPbfJ
X-Received: by 2002:a9d:7f92:0:b0:6f0:6ea7:6154 with SMTP id 46e09a7af769-6f0e90f483fmr27628199a34.3.1715936990618;
        Fri, 17 May 2024 02:09:50 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1715936990; cv=pass;
        d=google.com; s=arc-20160816;
        b=xypgTDqDctYyUjJlAvmzrccvy903DyVwSWjxd92zLvgjhUT8DX8Fxqvrhe6zA0bo2y
         zYpJ9hYpsVQTLvxqSKzK+WbQSNIESrVeCrbP07ZTVz9Seu5yF4jYb0MaWC5U6Ley22wL
         1qfJTGStH+g+W2DtJHAKHj/7Jkm4OTvWty23MJao/7KkuJni26pSTLS4DKKrBLciqSTp
         g1jAf42vQUiR39qqEvX7yFtFKcp1/m7y67NcaApq7I7HyHFg/IJkD6jvhGBRYbd53FMb
         a1Uj5SFZLeVLxurjGT4eysjewup7wd3Myu0IQ88ZDql+HnNgVlGlBF8E8QTV/x0ptRMR
         rGhA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=5Ba8ICHWwdNpQ0y5aYfPooTOCldSdI7hhNa1Qp6LBI8=;
        fh=oohzykGtsPnPHfHEdUuhEEh8cgI8SmYe7HH3p7haqMw=;
        b=wWv12FUfYU/RGgSkeF3WEVyYKt1ZmuedpvvD4zr94LRmAfxm9+VzPv8ZQC5bw2QzXy
         VnbYxy0DxFvU01kISgU4l3Lv+Bs020OfrYxAhGRRSlcMl8XUn296ntKnTDIsHqs9XfWs
         slMnqD6GJr5wYA9f8mTEZ0lMuOHi4AQLx8d5EXWezjZmy0BhLHu4dbiYZiZWKehPvsxZ
         fxKBt6ZRXAVnECXng/amHS5wHCFqtDpRFLtdQOeR8uLBy/yXrfEduh7eWS9rpOEuY6hk
         bef2lTUF145F7w9LVK9t/XoVOai9ubmtVKKaNdnRuotcxwgxn6xedsiX2ZKgXiE1DwAG
         1TEQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@amazon.com header.s=amazon201209 header.b="WD/OW2C+";
       arc=pass (i=1 spf=pass spfdomain=amazon.com dkim=pass dkdomain=amazon.com dmarc=pass fromdomain=amazon.com);
       spf=pass (google.com: domain of linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Return-Path: <linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id 41be03b00d2f7-654cde21631si5627314a12.689.2024.05.17.02.09.50
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 17 May 2024 02:09:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amazon.com header.s=amazon201209 header.b="WD/OW2C+";
       arc=pass (i=1 spf=pass spfdomain=amazon.com dkim=pass dkdomain=amazon.com dmarc=pass fromdomain=amazon.com);
       spf=pass (google.com: domain of linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 39A37283EB0
	for <linux.lists.archive@gmail.com>; Fri, 17 May 2024 09:09:50 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 67E731EB37;
	Fri, 17 May 2024 09:09:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="WD/OW2C+"
Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0484E1EB26;
	Fri, 17 May 2024 09:09:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.95.49.90
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1715936982; cv=none; b=m7+FNXEtWY6keyOdVek/oGdG9RgBbsnlGPFE/hlqOh8qWGkKCTRJMAHVpwh20oqyQ+ah34S9JvjUWHlmNxQkR0mH+dujdBFfZvpuMw0Kf9a/qS4DA2Ve8j8l9xCCssYyPSaJGm0O+5xBdj6+taI4HYXElM73q3zvePSpZZK2Eyk=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1715936982; c=relaxed/simple;
	bh=tniEtfsi5V9FE9TVnUHbY0dOa1eHuV1iWAmiiFrBCIw=;
	h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=OKBCSksYjSNGMIAHYyXs4VG6Ws8058Pt+YAF4Ri+0ZOgzuxatwKGMxqcjeIQ7ghlyCiJ6LndHtqxXifvpb0D/vAhN4aQKrwOffPzWViofJIWnbN1YO7Phwx2PwudXj3Sppymsf0sO6nDbbLRgYH7Vd/Lx0DVx5dqaGacLn8W/xE=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=WD/OW2C+; arc=none smtp.client-ip=52.95.49.90
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209;
  t=1715936981; x=1747472981;
  h=from:to:cc:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=5Ba8ICHWwdNpQ0y5aYfPooTOCldSdI7hhNa1Qp6LBI8=;
  b=WD/OW2C+MLjw+xB9yYXfdO7mnHm1xU79MgsyNb8+B6Wqmut3bIyB7118
   ZBOcJQ6p7bF1C+SJ0yEJfUN4CKPUCMJLy9UWp8KUP5La+RtaRzVk6hcCX
   JoHWDTR5/L5+pC0dtN67EcZEDfdz66MA9rYQMuPYWUgSGiuk5H21XUtj/
   Y=;
X-IronPort-AV: E=Sophos;i="6.08,167,1712620800"; 
   d="scan'208";a="407387397"
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6])
  by smtp-border-fw-6002.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 May 2024 09:09:38 +0000
Received: from EX19MTAEUA002.ant.amazon.com [10.0.43.254:33542]
 by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.18.108:2525] with esmtp (Farcaster)
 id 304138a9-3ff4-49f5-942a-3d354180ede7; Fri, 17 May 2024 09:09:36 +0000 (UTC)
X-Farcaster-Flow-ID: 304138a9-3ff4-49f5-942a-3d354180ede7
Received: from EX19D002EUC004.ant.amazon.com (10.252.51.230) by
 EX19MTAEUA002.ant.amazon.com (10.252.50.124) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1258.28; Fri, 17 May 2024 09:09:36 +0000
Received: from EX19MTAUEC001.ant.amazon.com (10.252.135.222) by
 EX19D002EUC004.ant.amazon.com (10.252.51.230) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1258.28; Fri, 17 May 2024 09:09:36 +0000
Received: from dev-dsk-hagarhem-1b-b868d8d5.eu-west-1.amazon.com
 (10.253.65.58) by mail-relay.amazon.com (10.252.135.200) with Microsoft SMTP
 Server id 15.2.1258.28 via Frontend Transport; Fri, 17 May 2024 09:09:36
 +0000
Received: by dev-dsk-hagarhem-1b-b868d8d5.eu-west-1.amazon.com (Postfix, from userid 23002382)
	id CF60F20C24; Fri, 17 May 2024 09:09:35 +0000 (UTC)
From: Hagar Hemdan <hagarhem@amazon.com>
To:
CC: Norbert Manthey <nmanthey@amazon.de>, Hagar Hemdan <hagarhem@amazon.com>,
	Linus Walleij <linus.walleij@linaro.org>, Bartosz Golaszewski
	<brgl@bgdev.pl>, Kent Gibson <warthog618@gmail.com>,
	<linux-gpio@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: [PATCH v2] gpio: prevent potential speculation leaks in gpio_device_get_desc()
Date: Fri, 17 May 2024 09:09:04 +0000
Message-ID: <20240517090904.22812-1-hagarhem@amazon.com>
X-Mailer: git-send-email 2.40.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Users can call the gpio_ioctl() interface to get information about gpio
chip lines.
Lines on the chip are identified by an offset in the range
of [0,chip.lines).
Offset is copied from user and then used as an array index to get
the gpio descriptor without sanitization.

This change ensures that the offset is sanitized by
"using array_index_nospec" to mitigate any possibility of speculative
information leaks.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and GPIO_V2_GET_LINEINFO_WATCH_IOCTL")
Signed-off-by: Hagar Hemdan <hagarhem@amazon.com>
---
v2: call array_index_nospec() after the bounds check. 
---
 drivers/gpio/gpiolib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index fa50db0c3605..b58e4fe78cec 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -17,6 +17,7 @@
 #include <linux/list.h>
 #include <linux/lockdep.h>
 #include <linux/module.h>
+#include <linux/nospec.h>
 #include <linux/of.h>
 #include <linux/pinctrl/consumer.h>
 #include <linux/seq_file.h>
@@ -201,7 +202,7 @@ gpio_device_get_desc(struct gpio_device *gdev, unsigned int hwnum)
 	if (hwnum >= gdev->ngpio)
 		return ERR_PTR(-EINVAL);
 
-	return &gdev->descs[hwnum];
+	return &gdev->descs[array_index_nospec(hwnum, gdev->ngpio)];
 }
 EXPORT_SYMBOL_GPL(gpio_device_get_desc);
 
-- 
2.40.1