From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
Guenter Roeck <linux@roeck-us.net>
Subject: [PATCH 4.18 084/123] hwmon: (nct6775) Fix potential Spectre v1
Date: Mon, 3 Sep 2018 18:57:08 +0200 [thread overview]
Message-ID: <20180903165723.091229745@linuxfoundation.org> (raw)
In-Reply-To: <20180903165719.499675257@linuxfoundation.org>
4.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gustavo A. R. Silva <gustavo@embeddedor.com>
commit d49dbfade96d5b0863ca8a90122a805edd5ef50a upstream.
val can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
vers/hwmon/nct6775.c:2698 store_pwm_weight_temp_sel() warn: potential
spectre issue 'data->temp_src' [r]
Fix this by sanitizing val before using it to index data->temp_src
Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/nct6775.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/hwmon/nct6775.c
+++ b/drivers/hwmon/nct6775.c
@@ -63,6 +63,7 @@
#include <linux/bitops.h>
#include <linux/dmi.h>
#include <linux/io.h>
+#include <linux/nospec.h>
#include "lm75.h"
#define USE_ALTERNATE
@@ -2689,6 +2690,7 @@ store_pwm_weight_temp_sel(struct device
return err;
if (val > NUM_TEMP)
return -EINVAL;
+ val = array_index_nospec(val, NUM_TEMP + 1);
if (val && (!(data->have_temp & BIT(val - 1)) ||
!data->temp_src[val - 1]))
return -EINVAL;
next prev parent reply other threads:[~2018-09-03 17:37 UTC|newest]
Thread overview: 145+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-03 16:55 [PATCH 4.18 000/123] 4.18.6-stable review Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 001/123] PATCH scripts/kernel-doc Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 002/123] scripts/kernel-doc: Escape all literal braces in regexes Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 003/123] scsi: libsas: dynamically allocate and free ata host Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 004/123] xprtrdma: Fix disconnect regression Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 005/123] mei: dont update offset in write Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 006/123] cifs: add missing support for ACLs in SMB 3.11 Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 007/123] CIFS: fix uninitialized ptr deref in smb2 signing Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 008/123] cifs: add missing debug entries for kconfig options Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 009/123] cifs: use a refcount to protect open/closing the cached file handle Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 010/123] cifs: check kmalloc before use Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 011/123] smb3: enumerating snapshots was leaving part of the data off end Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 012/123] smb3: Do not send SMB3 SET_INFO if nothing changed Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 013/123] smb3: dont request leases in symlink creation and query Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 014/123] smb3: fill in statfs fsid and correct namelen Greg Kroah-Hartman
2018-09-03 16:55 ` [PATCH 4.18 015/123] btrfs: use correct compare function of dirty_metadata_bytes Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 016/123] btrfs: dont leak ret from do_chunk_alloc Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 017/123] Btrfs: fix mount failure after fsync due to hard link recreation Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 018/123] Btrfs: fix btrfs_write_inode vs delayed iput deadlock Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 019/123] Btrfs: fix send failure when root has deleted files still open Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 020/123] Btrfs: send, fix incorrect file layout after hole punching beyond eof Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 021/123] hwmon: (k10temp) 27C Offset needed for Threadripper2 Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 022/123] bpf, arm32: fix stack var offset in jit Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 023/123] regulator: arizona-ldo1: Use correct device to get enable GPIO Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 024/123] iommu/arm-smmu: Error out only if not enough context interrupts Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 025/123] printk: Split the code for storing a message into the log buffer Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 026/123] printk: Create helper function to queue deferred console handling Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 027/123] printk/nmi: Prevent deadlock when accessing the main log buffer in NMI Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 028/123] kprobes/arm64: Fix %p uses in error messages Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 029/123] arm64: Fix mismatched cache line size detection Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 030/123] arm64: Handle mismatched cache type Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 031/123] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 032/123] arm64: dts: rockchip: corrected uart1 clock-names for rk3328 Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 033/123] KVM: arm/arm64: Fix potential loss of ptimer interrupts Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 034/123] KVM: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 035/123] KVM: arm/arm64: Skip updating PMD entry if no change Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 036/123] KVM: arm/arm64: Skip updating PTE " Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 037/123] s390/kvm: fix deadlock when killed by oom Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 038/123] perf kvm: Fix subcommands on s390 Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 039/123] stop_machine: Reflow cpu_stop_queue_two_works() Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 040/123] stop_machine: Atomically queue and wake stopper threads Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 041/123] ext4: check for NUL characters in extended attributes name Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 042/123] ext4: use ext4_warning() for sb_getblk failure Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 043/123] ext4: sysfs: print ext4_super_block fields as little-endian Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 044/123] ext4: reset error code in ext4_find_entry in fallback Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 045/123] ext4: fix race when setting the bitmap corrupted flag Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 046/123] nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 047/123] x86/gpu: reserve ICLs graphics stolen memory Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 049/123] platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 050/123] mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE Greg Kroah-Hartman
2018-09-04 4:38 ` Naresh Kamboju
2018-09-04 5:24 ` Greg Kroah-Hartman
2018-09-04 6:10 ` Andre Tomt
2018-09-04 8:06 ` Andre Tomt
2018-09-04 7:16 ` Naresh Kamboju
2018-09-04 19:32 ` Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 051/123] x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 052/123] x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 053/123] x86/speculation/l1tf: Suggest what to do on systems with " Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 054/123] x86/vdso: Fix vDSO build if a retpoline is emitted Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 055/123] x86/process: Re-export start_thread() Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 056/123] KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSRd Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 058/123] fuse: Dont access pipe->buffers without pipe_lock() Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 059/123] fuse: fix initial parallel dirops Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 060/123] fuse: fix double request_end() Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 061/123] fuse: fix unlocked access to processing queue Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 062/123] fuse: umount should wait for all requests Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 063/123] fuse: Fix oops at process_init_reply() Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 064/123] fuse: Add missed unlock_page() to fuse_readpages_fill() Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 065/123] lib/vsprintf: Do not handle %pO[^F] as %px Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 066/123] udl-kms: change down_interruptible to down Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 067/123] udl-kms: handle allocation failure Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 068/123] udl-kms: fix crash due to uninitialized memory Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 069/123] udl-kms: avoid division Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 070/123] b43legacy/leds: Ensure NUL-termination of LED name string Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 071/123] b43/leds: " Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 072/123] ASoC: dpcm: dont merge format from invalid codec dai Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 073/123] ASoC: zte: Fix incorrect PCM format bit usages Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 074/123] ASoC: sirf: Fix potential NULL pointer dereference Greg Kroah-Hartman
2018-09-03 16:56 ` [PATCH 4.18 075/123] ASoC: wm_adsp: Correct DSP pointer for preloader control Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 076/123] soc: qcom: rmtfs-mem: fix memleak in probe error paths Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 078/123] scsi: qla2xxx: Fix stalled relogin Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 079/123] x86/vdso: Fix lsl operand order Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 080/123] x86/nmi: Fix NMI uaccess race against CR3 switching Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 081/123] x86/irqflags: Mark native_restore_fl extern inline Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 082/123] x86/spectre: Add missing family 6 check to microcode check Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 083/123] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Greg Kroah-Hartman
2018-09-03 16:57 ` Greg Kroah-Hartman [this message]
2018-09-03 16:57 ` [PATCH 4.18 085/123] x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 086/123] x86: Allow generating user-space headers without a compiler Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 087/123] s390/mm: fix addressing exception after suspend/resume Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 088/123] s390/lib: use expoline for all bcr instructions Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 089/123] s390: fix br_r1_trampoline for machines without exrl Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 090/123] s390/qdio: reset old sbal_state flags Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 091/123] s390/numa: move initial setup of node_to_cpumask_map Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 092/123] s390/pci: fix out of bounds access during irq setup Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 093/123] s390/purgatory: Fix crash with expoline enabled Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 094/123] s390/purgatory: Add missing FORCE to Makefile targets Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 095/123] kprobes: Show blacklist addresses as same as kallsyms does Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 096/123] kprobes: Replace %p with other pointer types Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 097/123] kprobes/arm: Fix %p uses in error messages Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 098/123] kprobes: Make list and blacklist root user read only Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 099/123] MIPS: Correct the 64-bit DSP accumulator register size Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 100/123] MIPS: memset.S: Fix byte_fixup for MIPSr6 Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 101/123] MIPS: Always use -march=<arch>, not -<arch> shortcuts Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 102/123] MIPS: Change definition of cpu_relax() for Loongson-3 Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 103/123] MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 104/123] tpm: Return the actual size when receiving an unsupported command Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 105/123] tpm: separate cmd_ready/go_idle from runtime_pm Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 106/123] scsi: mpt3sas: Fix calltrace observed while running IO & reset Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 107/123] scsi: mpt3sas: Fix _transport_smp_handler() error path Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 108/123] scsi: sysfs: Introduce sysfs_{un,}break_active_protection() Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 109/123] scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 110/123] iscsi target: fix session creation failure handling Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 111/123] mtd: rawnand: hynix: Use ->exec_op() in hynix_nand_reg_write_op() Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 112/123] mtd: rawnand: fsmc: Stop using chip->read_buf() Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 113/123] mtd: rawnand: marvell: add suspend and resume hooks Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 114/123] mtd: rawnand: qcom: wait for desc completion in all BAM channels Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 115/123] clk: rockchip: fix clk_i2sout parent selection bits on rk3399 Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 116/123] clk: npcm7xx: fix memory allocation Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 117/123] PM / clk: signedness bug in of_pm_clk_add_clks() Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 118/123] power: generic-adc-battery: fix out-of-bounds write when copying channel properties Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 119/123] power: generic-adc-battery: check for duplicate properties copied from iio channels Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 120/123] watchdog: Mark watchdog touch functions as notrace Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 121/123] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 122/123] x86/dumpstack: Dont dump kernel memory based on usermode RIP Greg Kroah-Hartman
2018-09-03 16:57 ` [PATCH 4.18 123/123] x86: kvm: avoid unused variable warning Greg Kroah-Hartman
2018-09-03 18:39 ` [PATCH 4.18 000/123] 4.18.6-stable review Holger Hoffstätte
2018-09-03 21:16 ` François Valenduc
2018-09-04 4:24 ` Naresh Kamboju
2018-09-04 17:12 ` Linus Torvalds
2018-09-04 17:23 ` Greg Kroah-Hartman
2018-09-04 16:24 ` Guenter Roeck
2018-09-05 9:01 ` Greg Kroah-Hartman
2018-09-05 15:34 ` Guenter Roeck
2018-09-05 17:01 ` Linus Torvalds
2018-09-09 3:58 ` Guenter Roeck
2018-09-04 19:32 ` Greg Kroah-Hartman
2018-09-04 20:18 ` Shuah Khan
2018-09-05 10:38 ` Naresh Kamboju
2018-09-05 10:43 ` Greg Kroah-Hartman
2018-09-05 15:36 ` Guenter Roeck
2018-09-05 14:25 ` Dan Rue
2018-09-04 22:53 ` Guenter Roeck
2018-09-05 9:00 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180903165723.091229745@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=gustavo@embeddedor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).