[PATCH 5/7] perf,x86/cstate: Fix possible Spectre-v1 for pkg_msr

From: Peter Zijlstra <peterz@infradead.org>
To: linux-kernel@vger.kernel.org, mingo@kernel.org
Cc: tglx@linutronix.de, dan.j.williams@intel.com,
	torvalds@linux-foundation.org,
	Dan Carpenter <dan.carpenter@oracle.com>,
	"Peter Zijlstra" <peterz@infradead.org>
Subject: [PATCH 5/7] perf,x86/cstate: Fix possible Spectre-v1 for pkg_msr
Date: Fri, 20 Apr 2018 15:14:12 +0200	[thread overview]
Message-ID: <20180420131631.926098428@infradead.org> (raw)
In-Reply-To: 20180420131407.721875616@infradead.org

[-- Attachment #1: peterz-spectre1-5.patch --]
[-- Type: text/plain, Size: 782 bytes --]

> arch/x86/events/intel/cstate.c:307 cstate_pmu_event_init() warn: potential spectre issue 'pkg_msr' (local cap)

Userspace controls @attr, sanitize cfg (attr->config) before using it
to index an array.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
---
 arch/x86/events/intel/cstate.c |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/x86/events/intel/cstate.c
+++ b/arch/x86/events/intel/cstate.c
@@ -302,6 +302,7 @@ static int cstate_pmu_event_init(struct
 	} else if (event->pmu == &cstate_pkg_pmu) {
 		if (cfg >= PERF_CSTATE_PKG_EVENT_MAX)
 			return -EINVAL;
+		cfg = array_index_nospec(cfg, PERF_CSTATE_PKG_EVENT_MAX);
 		if (!pkg_msr[cfg].attr)
 			return -EINVAL;
 		event->hw.event_base = pkg_msr[cfg].msr;
