diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0040-nospec-Move-array_index_nospec-parameter-checking-in.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0040-nospec-Move-array_index_nospec-parameter-checking-in.patch | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0040-nospec-Move-array_index_nospec-parameter-checking-in.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0040-nospec-Move-array_index_nospec-parameter-checking-in.patch new file mode 100644 index 00000000..973e9188 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0040-nospec-Move-array_index_nospec-parameter-checking-in.patch @@ -0,0 +1,92 @@ +From a3cb1b4823957921fa7a58e51bc8ee3e880bf1c5 Mon Sep 17 00:00:00 2001 +From: Will Deacon <will.deacon@arm.com> +Date: Mon, 5 Feb 2018 14:16:06 +0000 +Subject: [PATCH 40/93] nospec: Move array_index_nospec() parameter checking + into separate macro + +commit 8fa80c503b484ddc1abbd10c7cb2ab81f3824a50 upstream. + +For architectures providing their own implementation of +array_index_mask_nospec() in asm/barrier.h, attempting to use WARN_ONCE() to +complain about out-of-range parameters using WARN_ON() results in a mess +of mutually-dependent include files. + +Rather than unpick the dependencies, simply have the core code in nospec.h +perform the checking for us. + +Signed-off-by: Will Deacon <will.deacon@arm.com> +Acked-by: Thomas Gleixner <tglx@linutronix.de> +Cc: Dan Williams <dan.j.williams@intel.com> +Cc: Linus Torvalds <torvalds@linux-foundation.org> +Cc: Peter Zijlstra <peterz@infradead.org> +Link: http://lkml.kernel.org/r/1517840166-15399-1-git-send-email-will.deacon@arm.com +Signed-off-by: Ingo Molnar <mingo@kernel.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + include/linux/nospec.h | 36 +++++++++++++++++++++--------------- + 1 file changed, 21 insertions(+), 15 deletions(-) + +diff --git a/include/linux/nospec.h b/include/linux/nospec.h +index b99bced..fbc98e2 100644 +--- a/include/linux/nospec.h ++++ b/include/linux/nospec.h +@@ -20,20 +20,6 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, + unsigned long size) + { + /* +- * Warn developers about inappropriate array_index_nospec() usage. +- * +- * Even if the CPU speculates past the WARN_ONCE branch, the +- * sign bit of @index is taken into account when generating the +- * mask. +- * +- * This warning is compiled out when the compiler can infer that +- * @index and @size are less than LONG_MAX. +- */ +- if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX, +- "array_index_nospec() limited to range of [0, LONG_MAX]\n")) +- return 0; +- +- /* + * Always calculate and emit the mask even if the compiler + * thinks the mask is not needed. The compiler does not take + * into account the value of @index under speculation. +@@ -44,6 +30,26 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, + #endif + + /* ++ * Warn developers about inappropriate array_index_nospec() usage. ++ * ++ * Even if the CPU speculates past the WARN_ONCE branch, the ++ * sign bit of @index is taken into account when generating the ++ * mask. ++ * ++ * This warning is compiled out when the compiler can infer that ++ * @index and @size are less than LONG_MAX. ++ */ ++#define array_index_mask_nospec_check(index, size) \ ++({ \ ++ if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX, \ ++ "array_index_nospec() limited to range of [0, LONG_MAX]\n")) \ ++ _mask = 0; \ ++ else \ ++ _mask = array_index_mask_nospec(index, size); \ ++ _mask; \ ++}) ++ ++/* + * array_index_nospec - sanitize an array index after a bounds check + * + * For a code sequence like: +@@ -61,7 +67,7 @@ static inline unsigned long array_index_mask_nospec(unsigned long index, + ({ \ + typeof(index) _i = (index); \ + typeof(size) _s = (size); \ +- unsigned long _mask = array_index_mask_nospec(_i, _s); \ ++ unsigned long _mask = array_index_mask_nospec_check(_i, _s); \ + \ + BUILD_BUG_ON(sizeof(_i) > sizeof(long)); \ + BUILD_BUG_ON(sizeof(_s) > sizeof(long)); \ +-- +2.7.4 + |