Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp13974522pxu; Mon, 4 Jan 2021 09:23:34 -0800 (PST) X-Google-Smtp-Source: ABdhPJxa4X9cyLBhGWFW0mrfyJ29v76spBNLOXAWm0AbO8fcX1pxjwA3a9Z5Q82Ik6AuHd3k456A X-Received: by 2002:a50:f089:: with SMTP id v9mr73763995edl.353.1609781014537; Mon, 04 Jan 2021 09:23:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609781014; cv=none; d=google.com; s=arc-20160816; b=zj0RcWBmaaJ+Nz5W3m7/QZ2L2/rd6qOPiDfeQ2Ihejp9FjtKPTTyLVuWykW3AuebqD gaUOY3b1xQj0hDbL06rgF3Ny3SsCAQFr/ekqjMYUyDTVpwqs3vq385HJzp7DN9rrVmfi XJ14m8N0oRuX2Fwp4MbHF91DFxrYDgiLZOMnF+j7BuCO+tzjA5ovMP2IZWClXPXIzC8b wSTHLBXFzChXNkCkbqkQCAkK8ayWM2jjEVJ1mvgJC1rZp9Ga2BWG+uZdQdoI6yKFdRS5 ogx/+ALpOULvJDUEk2M1c/LlXvgST7DLcCYR5a8Bu8qpwtDYPcGX9yQyHj0RPl4njBHI 26hQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=Jr0sOCRPFMICOKbOZjgaU7yz93YevLYKNQq0psKFdq0=; b=HjN7jL9cue2geTagxMM3Eyv5V/shTNViFkdaApZp6JEeBxLnIgcB31dJMjS7irzE4f q6MP1Wn0DHHrFGFpKL0OCw46n9QBgU/+5imugrR7yuhbGRSHXciQYxf1tOnOyXClVkWP 4tyKLqkxvSm4jjaVUSUr+GD9E/Wg2YhuibBsr2S4hLNNkmD7y5CdWaYCaDtnDJN729P0 JSFcQJ6vJqtpqpFPSWaAsubWHdzarYP403sxb0G7DBnu6NXwzsPFppK6Si8M4SkaH2XD 495OWMN7r+iWnkSyuiZGVoZrmxTtVUtcdsbaNfb0cQMsDavKlr7XtfoBPt3nHJNtK0Y9 Tokg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a15si30716553eju.355.2021.01.04.09.23.15; Mon, 04 Jan 2021 09:23:34 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726396AbhADRW5 (ORCPT + 99 others); Mon, 4 Jan 2021 12:22:57 -0500 Received: from mga09.intel.com ([134.134.136.24]:43986 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726363AbhADRW5 (ORCPT ); Mon, 4 Jan 2021 12:22:57 -0500 IronPort-SDR: JalIRO9FI+5WdJHrd8dh/fCYEaXmqPMzHr6Orz5/qCJfrJT79agk2UFTTdT7W7eDfYqWCQRuJs ipwMLHf3puQA== X-IronPort-AV: E=McAfee;i="6000,8403,9854"; a="177135628" X-IronPort-AV: E=Sophos;i="5.78,474,1599548400"; d="scan'208";a="177135628" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Jan 2021 09:22:05 -0800 IronPort-SDR: 0kjoMjHkpm+s4RNdyqJHDmHphSB3S8Jf360ViQukJ3k0lDCRr8ksI7vAWKEWmFvLHYu8wDoLTC 5gQM52ENJAAA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.78,474,1599548400"; d="scan'208";a="345962818" Received: from silpixa00400314.ir.intel.com (HELO silpixa00400314.ger.corp.intel.com) ([10.237.222.51]) by orsmga003.jf.intel.com with ESMTP; 04 Jan 2021 09:22:04 -0800 From: Giovanni Cabiddu To: herbert@gondor.apana.org.au Cc: linux-crypto@vger.kernel.org, qat-linux@intel.com, Adam Guerin , Giovanni Cabiddu Subject: [PATCH 1/3] crypto: qat - fix potential spectre issue Date: Mon, 4 Jan 2021 17:21:57 +0000 Message-Id: <20210104172159.15489-2-giovanni.cabiddu@intel.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210104172159.15489-1-giovanni.cabiddu@intel.com> References: <20210104172159.15489-1-giovanni.cabiddu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Adam Guerin Sanitize ring_num value coming from configuration (and potentially from user space) before it is used as index in the banks array. This issue was detected by smatch: drivers/crypto/qat/qat_common/adf_transport.c:233 adf_create_ring() warn: potential spectre issue 'bank->rings' [r] (local cap) Signed-off-by: Adam Guerin Reviewed-by: Giovanni Cabiddu Signed-off-by: Giovanni Cabiddu --- drivers/crypto/qat/qat_common/adf_transport.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/crypto/qat/qat_common/adf_transport.c b/drivers/crypto/qat/qat_common/adf_transport.c index 5a7030acdc33..888c1e047295 100644 --- a/drivers/crypto/qat/qat_common/adf_transport.c +++ b/drivers/crypto/qat/qat_common/adf_transport.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only) /* Copyright(c) 2014 - 2020 Intel Corporation */ #include +#include #include "adf_accel_devices.h" #include "adf_transport_internal.h" #include "adf_transport_access_macros.h" @@ -246,6 +247,7 @@ int adf_create_ring(struct adf_accel_dev *accel_dev, const char *section, return -EFAULT; } + ring_num = array_index_nospec(ring_num, num_rings_per_bank); bank = &transport_data->banks[bank_num]; if (adf_reserve_ring(bank, ring_num)) { dev_err(&GET_DEV(accel_dev), "Ring %d, %s already exists.\n", -- 2.29.2