Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp810521lqo; Fri, 17 May 2024 02:09:50 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWq4fuRCZGyFmlVexBwGY34D/8riuiyje1Iju6R11p+JHN+mEOEKGV9CEzw8NuDDpL016Er+T4TsMYQ4umJ/xR05i+b+OB42dgnxJHhng== X-Google-Smtp-Source: AGHT+IFZRu/N+W/DFxRwJxu9ha0I+DtA0TXXAF8nQ45zTmRC6UcNt1SMfJZu3BBli3TvSJ6pPbfJ X-Received: by 2002:a9d:7f92:0:b0:6f0:6ea7:6154 with SMTP id 46e09a7af769-6f0e90f483fmr27628199a34.3.1715936990618; Fri, 17 May 2024 02:09:50 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715936990; cv=pass; d=google.com; s=arc-20160816; b=xypgTDqDctYyUjJlAvmzrccvy903DyVwSWjxd92zLvgjhUT8DX8Fxqvrhe6zA0bo2y zYpJ9hYpsVQTLvxqSKzK+WbQSNIESrVeCrbP07ZTVz9Seu5yF4jYb0MaWC5U6Ley22wL 1qfJTGStH+g+W2DtJHAKHj/7Jkm4OTvWty23MJao/7KkuJni26pSTLS4DKKrBLciqSTp g1jAf42vQUiR39qqEvX7yFtFKcp1/m7y67NcaApq7I7HyHFg/IJkD6jvhGBRYbd53FMb a1Uj5SFZLeVLxurjGT4eysjewup7wd3Myu0IQ88ZDql+HnNgVlGlBF8E8QTV/x0ptRMR rGhA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=5Ba8ICHWwdNpQ0y5aYfPooTOCldSdI7hhNa1Qp6LBI8=; fh=oohzykGtsPnPHfHEdUuhEEh8cgI8SmYe7HH3p7haqMw=; b=wWv12FUfYU/RGgSkeF3WEVyYKt1ZmuedpvvD4zr94LRmAfxm9+VzPv8ZQC5bw2QzXy VnbYxy0DxFvU01kISgU4l3Lv+Bs020OfrYxAhGRRSlcMl8XUn296ntKnTDIsHqs9XfWs slMnqD6GJr5wYA9f8mTEZ0lMuOHi4AQLx8d5EXWezjZmy0BhLHu4dbiYZiZWKehPvsxZ fxKBt6ZRXAVnECXng/amHS5wHCFqtDpRFLtdQOeR8uLBy/yXrfEduh7eWS9rpOEuY6hk bef2lTUF145F7w9LVK9t/XoVOai9ubmtVKKaNdnRuotcxwgxn6xedsiX2ZKgXiE1DwAG 1TEQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b="WD/OW2C+"; arc=pass (i=1 spf=pass spfdomain=amazon.com dkim=pass dkdomain=amazon.com dmarc=pass fromdomain=amazon.com); spf=pass (google.com: domain of linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id 41be03b00d2f7-654cde21631si5627314a12.689.2024.05.17.02.09.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 17 May 2024 02:09:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b="WD/OW2C+"; arc=pass (i=1 spf=pass spfdomain=amazon.com dkim=pass dkdomain=amazon.com dmarc=pass fromdomain=amazon.com); spf=pass (google.com: domain of linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-181899-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 39A37283EB0 for ; Fri, 17 May 2024 09:09:50 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 67E731EB37; Fri, 17 May 2024 09:09:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="WD/OW2C+" Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0484E1EB26; Fri, 17 May 2024 09:09:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.95.49.90 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715936982; cv=none; b=m7+FNXEtWY6keyOdVek/oGdG9RgBbsnlGPFE/hlqOh8qWGkKCTRJMAHVpwh20oqyQ+ah34S9JvjUWHlmNxQkR0mH+dujdBFfZvpuMw0Kf9a/qS4DA2Ve8j8l9xCCssYyPSaJGm0O+5xBdj6+taI4HYXElM73q3zvePSpZZK2Eyk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715936982; c=relaxed/simple; bh=tniEtfsi5V9FE9TVnUHbY0dOa1eHuV1iWAmiiFrBCIw=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=OKBCSksYjSNGMIAHYyXs4VG6Ws8058Pt+YAF4Ri+0ZOgzuxatwKGMxqcjeIQ7ghlyCiJ6LndHtqxXifvpb0D/vAhN4aQKrwOffPzWViofJIWnbN1YO7Phwx2PwudXj3Sppymsf0sO6nDbbLRgYH7Vd/Lx0DVx5dqaGacLn8W/xE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.com; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=WD/OW2C+; arc=none smtp.client-ip=52.95.49.90 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1715936981; x=1747472981; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=5Ba8ICHWwdNpQ0y5aYfPooTOCldSdI7hhNa1Qp6LBI8=; b=WD/OW2C+MLjw+xB9yYXfdO7mnHm1xU79MgsyNb8+B6Wqmut3bIyB7118 ZBOcJQ6p7bF1C+SJ0yEJfUN4CKPUCMJLy9UWp8KUP5La+RtaRzVk6hcCX JoHWDTR5/L5+pC0dtN67EcZEDfdz66MA9rYQMuPYWUgSGiuk5H21XUtj/ Y=; X-IronPort-AV: E=Sophos;i="6.08,167,1712620800"; d="scan'208";a="407387397" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-6002.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 May 2024 09:09:38 +0000 Received: from EX19MTAEUA002.ant.amazon.com [10.0.43.254:33542] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.18.108:2525] with esmtp (Farcaster) id 304138a9-3ff4-49f5-942a-3d354180ede7; Fri, 17 May 2024 09:09:36 +0000 (UTC) X-Farcaster-Flow-ID: 304138a9-3ff4-49f5-942a-3d354180ede7 Received: from EX19D002EUC004.ant.amazon.com (10.252.51.230) by EX19MTAEUA002.ant.amazon.com (10.252.50.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Fri, 17 May 2024 09:09:36 +0000 Received: from EX19MTAUEC001.ant.amazon.com (10.252.135.222) by EX19D002EUC004.ant.amazon.com (10.252.51.230) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Fri, 17 May 2024 09:09:36 +0000 Received: from dev-dsk-hagarhem-1b-b868d8d5.eu-west-1.amazon.com (10.253.65.58) by mail-relay.amazon.com (10.252.135.200) with Microsoft SMTP Server id 15.2.1258.28 via Frontend Transport; Fri, 17 May 2024 09:09:36 +0000 Received: by dev-dsk-hagarhem-1b-b868d8d5.eu-west-1.amazon.com (Postfix, from userid 23002382) id CF60F20C24; Fri, 17 May 2024 09:09:35 +0000 (UTC) From: Hagar Hemdan To: CC: Norbert Manthey , Hagar Hemdan , Linus Walleij , Bartosz Golaszewski , Kent Gibson , , Subject: [PATCH v2] gpio: prevent potential speculation leaks in gpio_device_get_desc() Date: Fri, 17 May 2024 09:09:04 +0000 Message-ID: <20240517090904.22812-1-hagarhem@amazon.com> X-Mailer: git-send-email 2.40.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Users can call the gpio_ioctl() interface to get information about gpio chip lines. Lines on the chip are identified by an offset in the range of [0,chip.lines). Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization. This change ensures that the offset is sanitized by "using array_index_nospec" to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and GPIO_V2_GET_LINEINFO_WATCH_IOCTL") Signed-off-by: Hagar Hemdan --- v2: call array_index_nospec() after the bounds check. --- drivers/gpio/gpiolib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index fa50db0c3605..b58e4fe78cec 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -201,7 +202,7 @@ gpio_device_get_desc(struct gpio_device *gdev, unsigned int hwnum) if (hwnum >= gdev->ngpio) return ERR_PTR(-EINVAL); - return &gdev->descs[hwnum]; + return &gdev->descs[array_index_nospec(hwnum, gdev->ngpio)]; } EXPORT_SYMBOL_GPL(gpio_device_get_desc); -- 2.40.1