Date: Thu, 23 May 2024 08:18:43 +0000
From: Hagar Hemdan
To: Kent Gibson
CC: Norbert Manthey, Linus Walleij, Bartosz Golaszewski
Subject: Re: [PATCH v3] gpio: prevent potential speculation leaks in gpio_device_get_desc()
Message-ID: <20240523081843.GA7085@amazon.com>
References: <20240517101227.12118-1-hagarhem@amazon.com> <20240517124911.GA435070@rigel>
In-Reply-To: <20240517124911.GA435070@rigel>

On Fri, May 17, 2024 at 08:49:11PM +0800, Kent Gibson wrote:
> On Fri, May 17, 2024 at 10:12:27AM +0000, Hagar Hemdan wrote:
> > Userspace may trigger a speculative read of an address outside the gpio
> > descriptor array.
> > Users can do that by calling gpio_ioctl() with an offset out of range.
> > Offset is copied from user and then used as an array index to get
> > the gpio descriptor without sanitization in gpio_device_get_desc().
> >
> > This change ensures that the offset is sanitized by using
> > array_index_nospec() to mitigate any possibility of speculative
> > information leaks.
> >
> > This bug was discovered and resolved using Coverity Static Analysis
> > Security Testing (SAST) by Synopsys, Inc.
> >
> > Fixes: aad955842d1c ("gpiolib: cdev: support GPIO_V2_GET_LINEINFO_IOCTL and GPIO_V2_GET_LINEINFO_WATCH_IOCTL")
>
> I still don't think this Fixes commit is right, and that would impact
> where this gets backported to, but Bart can weigh in on that.
>
> Cheers,
> Kent.
>
Yes, this Fixes commit is wrong. Stable trees need another fix patch.
I will remove this Fixes commit in the next revision.

Thanks,
Hagar

> > Signed-off-by: Hagar Hemdan
> > ---
> > v3: update the commit mesg
> > ---
> >  drivers/gpio/gpiolib.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > > diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c > > index fa50db0c3605..b58e4fe78cec 100644 > > --- a/drivers/gpio/gpiolib.c > > +++ b/drivers/gpio/gpiolib.c > > @@ -17,6 +17,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -201,7 +202,7 @@ gpio_device_get_desc(struct gpio_device *gdev, unsigned int hwnum) > > if (hwnum >= gdev->ngpio) > > return ERR_PTR(-EINVAL); > > > > - return &gdev->descs[hwnum]; > > + return &gdev->descs[array_index_nospec(hwnum, gdev->ngpio)]; > > } > > EXPORT_SYMBOL_GPL(gpio_device_get_desc); > > > > -- > > 2.40.1 > >
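
Review bot: the new return statement in gpio_device_get_desc() has no comment explaining why array_index_nospec() is needed when `if (hwnum >= gdev->ngpio)` directly above already rejects out-of-range values. To a later reader the clamp looks redundant and is an easy target for a cleanup patch. A one-line comment above the return, saying that hwnum can come from userspace and that the bounds check alone does not constrain the speculative load, would keep the mitigation from being removed by accident.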
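
Added example (not part of the original message and not kernel code): a userspace C model of the branchless index clamp that array_index_nospec() applies, using the generic mask formula from include/linux/nospec.h. The names index_mask_nospec, clamp_index, toy_gdev and toy_get_desc are hypothetical, and the sample values are constructed.

```c
/* Userspace model of array_index_nospec(); all names here are hypothetical. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/*
 * Generic mask: all ones when index < size, zero otherwise, computed
 * without a branch so there is nothing for the CPU to mispredict.
 * Relies on arithmetic right shift of a negative long (gcc/clang) and
 * on size <= LONG_MAX.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	return (unsigned long)(~(long)(index | (size - 1UL - index))
			       >> (BITS_PER_LONG - 1));
}

/* In range: index unchanged. Out of range: forced to 0. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
	return index & index_mask_nospec(index, size);
}

struct toy_gdev {
	unsigned int ngpio;
	int descs[4];	/* stands in for the descriptor array */
};

/* Same shape as the patched function, with NULL in place of ERR_PTR(-EINVAL). */
static int *toy_get_desc(struct toy_gdev *gdev, unsigned int hwnum)
{
	if (hwnum >= gdev->ngpio)
		return NULL;
	/* Even if the branch above is mispredicted, the index stays inside descs[]. */
	return &gdev->descs[clamp_index(hwnum, gdev->ngpio)];
}

int main(void)
{
	struct toy_gdev g = { .ngpio = 4, .descs = { 10, 11, 12, 13 } };

	printf("clamp(2,4)=%lu clamp(4,4)=%lu clamp(UINT_MAX,4)=%lu\n",
	       clamp_index(2, 4), clamp_index(4, 4), clamp_index(UINT_MAX, 4));
	printf("desc 3 -> %d, desc 4 -> %p\n",
	       *toy_get_desc(&g, 3), (void *)toy_get_desc(&g, 4));
	return 0;
}
```

The model shows only the arithmetic; the kernel macro also keeps the compiler from optimizing the mask away after the bounds check, which this sketch does not attempt.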