diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.14.71/5037-drm-amdgpu-pm-Fix-potential-Spectre-v1.patch')
| -rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.14.71/5037-drm-amdgpu-pm-Fix-potential-Spectre-v1.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.14.71/5037-drm-amdgpu-pm-Fix-potential-Spectre-v1.patch b/common/recipes-kernel/linux/linux-yocto-4.14.71/5037-drm-amdgpu-pm-Fix-potential-Spectre-v1.patch new file mode 100644 index 00000000..13543bfb --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.14.71/5037-drm-amdgpu-pm-Fix-potential-Spectre-v1.patch @@ -0,0 +1,52 @@ +From 363d0459eaf763aa3bf07875bee09866db6f30fb Mon Sep 17 00:00:00 2001 +From: "Gustavo A. R. Silva" <gustavo@embeddedor.com> +Date: Mon, 23 Jul 2018 11:32:32 -0500 +Subject: [PATCH 5037/5725] drm/amdgpu/pm: Fix potential Spectre v1 + +idx can be indirectly controlled by user-space, hence leading to a +potential exploitation of the Spectre variant 1 vulnerability. + +This issue was detected with the help of Smatch: + +drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c:408 amdgpu_set_pp_force_state() +warn: potential spectre issue 'data.states' + +Fix this by sanitizing idx before using it to index data.states + +Notice that given that speculation windows are large, the policy is +to kill the speculation on the first load and not worry if it can be +completed with a dependent load/store [1]. + +[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 + +Cc: stable@vger.kernel.org +Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> +Signed-off-by: Alex Deucher <alexander.deucher@amd.com> +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c +index 14bb1b3..2a78a3c 100644 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c +@@ -31,7 +31,7 @@ + #include <linux/power_supply.h> + #include <linux/hwmon.h> + #include <linux/hwmon-sysfs.h> +- ++#include <linux/nospec.h> + + static int amdgpu_debugfs_pm_init(struct amdgpu_device *adev); + +@@ -403,6 +403,7 @@ static ssize_t amdgpu_set_pp_force_state(struct device *dev, + count = -EINVAL; + goto fail; + } ++ idx = array_index_nospec(idx, ARRAY_SIZE(data.states)); + + amdgpu_dpm_get_pp_num_states(adev, &data); + state = data.states[idx]; +-- +2.7.4 + |