projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8b2a6a3)
nvme: prevent potential spectre v1 gadget
authorNitesh Shetty <nj.shetty@samsung.com>
Tue, 28 Nov 2023 12:29:57 +0000 (17:59 +0530)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 20 Jan 2024 10:51:41 +0000 (11:51 +0100)
[ Upstream commit 20dc66f2d76b4a410df14e4675e373b718babc34 ]

This patch fixes the smatch warning, "nvmet_ns_ana_grpid_store() warn:
potential spectre issue 'nvmet_ana_group_enabled' [w] (local cap)"
Prevent the contents of kernel memory from being leaked to  user space
via speculative execution by using array_index_nospec.

Signed-off-by: Nitesh Shetty <nj.shetty@samsung.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/nvme/target/configfs.c patch | blob | history

diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
index 9071438..01b2a3d 100644 (file)
--- a/drivers/nvme/target/configfs.c
+++ b/drivers/nvme/target/configfs.c
@@ -17,6 +17,7 @@
 #endif
 #include <crypto/hash.h>
 #include <crypto/kpp.h>
+#include <linux/nospec.h>
 
 #include "nvmet.h"
 
@@ -509,6 +510,7 @@ static ssize_t nvmet_ns_ana_grpid_store(struct config_item *item,
 
        down_write(&nvmet_ana_sem);
        oldgrpid = ns->anagrpid;
+       newgrpid = array_index_nospec(newgrpid, NVMET_MAX_ANAGRPS);
        nvmet_ana_group_enabled[newgrpid]++;
        ns->anagrpid = newgrpid;
        nvmet_ana_group_enabled[oldgrpid]--;
@@ -1700,6 +1702,7 @@ static struct config_group *nvmet_ana_groups_make_group(
        grp->grpid = grpid;
 
        down_write(&nvmet_ana_sem);
+       grpid = array_index_nospec(grpid, NVMET_MAX_ANAGRPS);
        nvmet_ana_group_enabled[grpid]++;
        up_write(&nvmet_ana_sem);
 
Domain: System / Kernel;