redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers/infiniband/core
History
Gustavo A. R. Silva a3671a4f97 RDMA/ucma: Fix Spectre v1 vulnerability 
hdr.cmd can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/infiniband/core/ucma.c:1686 ucma_write() warn: potential
spectre issue 'ucma_cmd_table' [r] (local cap)

Fix this by sanitizing hdr.cmd before using it to index
ucm_cmd_table.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2018-10-16 12:47:40 -04:00
..
addr.c RDMA/core: Constify dst_addr argument 2018-07-30 20:49:04 -06:00
agent.c IB/core: Rename ib_destroy_ah to rdma_destroy_ah 2017-05-01 14:32:43 -04:00
agent.h IB/mad: Add final OPA MAD processing 2015-06-12 14:49:18 -04:00
cache.c RDMA/core: Set right entry state before releasing reference 2018-09-25 15:01:09 -06:00
cgroup.c IB/core: added support to use rdma cgroup controller 2017-01-10 11:14:27 -05:00
cm.c IB/core: Introduce and use sgid_attr in CM requests 2018-07-26 09:47:47 -06:00
cm_msgs.h IB/cm: Remove unused and erroneous msg sequence encoding 2018-07-09 11:39:28 -06:00
cma.c RDMA/cma: Protect cma dev list with lock 2018-09-06 13:01:59 -06:00
cma_configfs.c IB/cma: use strlcpy() instead of strncpy() 2018-01-15 15:33:21 -07:00
cma_priv.h RDMA/cma: Move rdma_cm_state to cma_priv.h 2018-03-29 13:54:21 -06:00
core_priv.h IB/core: Change filter function return type from int to bool 2018-08-15 13:33:20 -06:00
cq.c RDMA/core: Reduce poll batch for direct cq polling 2018-03-06 20:08:39 -07:00
device.c RDMA/core: Remove {create,destroy}_ah from mandatory verbs 2018-07-30 20:31:09 -06:00
fmr_pool.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
iwcm.c RDMA/netlink: Fix general protection fault 2017-12-07 15:28:07 -05:00
iwcm.h iw_cm: free cm_id resources on the last deref 2016-08-02 13:15:18 -04:00
iwpm_msg.c RDMA/iwpm: Properly mark end of NL messages 2017-09-29 11:32:42 -04:00
iwpm_util.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
iwpm_util.h iwpm: crash fix for large connections test 2016-03-16 13:48:32 -04:00
mad.c RDMA/core: Simplify ib_post_(send|recv|srq_recv)() calls 2018-07-24 16:06:36 -06:00
mad_priv.h IB/mad: Use IDR for agent IDs 2018-06-18 11:22:54 -06:00
mad_rmpp.c IB/mad: Change slid in RMPP recv from 16 to 32 bits 2017-08-08 14:47:18 -04:00
mad_rmpp.h
Makefile IB/uverbs: Remove struct uverbs_root_spec and all supporting code 2018-08-13 09:17:19 -06:00
mr_pool.c IB/core: add a simple MR pool 2016-05-13 13:37:18 -04:00
multicast.c IB: Make ib_init_ah_from_mcmember set sgid_attr 2018-06-25 14:19:56 -06:00
netlink.c RDMA/netlink: Simplify code of autoload modules 2018-01-02 13:36:57 -07:00
nldev.c RDMA/nldev: Return port capability flag for IB only 2018-06-18 11:09:05 -06:00
opa_smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
packer.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
rdma_core.c IB/core: Release object lock if destroy failed 2018-09-04 15:07:55 -06:00
rdma_core.h IB/uverbs: Remove struct uverbs_root_spec and all supporting code 2018-08-13 09:17:19 -06:00
restrack.c RDMA/restrack: Change SPDX tag to properly reflect license 2018-06-05 14:04:20 -06:00
roce_gid_mgmt.c IB/core: Change filter function return type from int to bool 2018-08-15 13:33:20 -06:00
rw.c RDMA/core: Simplify ib_post_(send|recv|srq_recv)() calls 2018-07-24 16:06:36 -06:00
sa.h
sa_query.c RDMA: Validate grh_required when handling AVs 2018-07-10 11:13:04 -06:00
security.c IB/core: Use CONFIG_SECURITY_INFINIBAND to compile out security code 2018-05-01 11:16:36 -04:00
smi.c IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
smi.h IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
sysfs.c IB/core: Replace ib_query_gid with rdma_get_gid_attr 2018-06-18 11:09:05 -06:00
ucm.c IB/ucm: Fix Spectre v1 vulnerability 2018-10-16 11:32:40 -04:00
ucma.c RDMA/ucma: Fix Spectre v1 vulnerability 2018-10-16 12:47:40 -04:00
ud_header.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
umem.c RDMA/umem: Refactor exit paths in ib_umem_get 2018-07-13 12:15:05 -06:00
umem_odp.c mm, oom: distinguish blockable mode for mmu notifiers 2018-08-22 10:52:44 -07:00
user_mad.c IB: Make ib_init_ah_attr_from_wc set sgid_attr 2018-06-25 14:19:56 -06:00
uverbs.h IB/uverbs: Remove struct uverbs_root_spec and all supporting code 2018-08-13 09:17:19 -06:00
uverbs_cmd.c RDMA/uverbs: Fix validity check for modify QP 2018-09-20 16:47:30 -06:00
uverbs_ioctl.c IB/uverbs: Do not check for device disassociation during ioctl 2018-08-13 09:17:19 -06:00
uverbs_main.c RDMA/uverbs: Atomically flush and mark closed the comp event queue 2018-09-12 15:43:15 -06:00
uverbs_marshall.c IB/cm: Replace members of sa_path_rec with 'struct sgid_attr *' 2018-06-25 14:19:57 -06:00
uverbs_std_types.c IB/uverbs: Remove the ib_uverbs_attr pointer from each attr 2018-08-10 16:06:24 -06:00
uverbs_std_types_counters.c IB/uverbs: Use uverbs_alloc for allocations 2018-08-13 09:16:13 -06:00
uverbs_std_types_cq.c IB/uverbs: Do not pass struct ib_device to the ioctl methods 2018-08-01 14:55:48 -06:00
uverbs_std_types_dm.c IB/uverbs: Do not pass struct ib_device to the ioctl methods 2018-08-01 14:55:48 -06:00
uverbs_std_types_flow_action.c IB/uverbs: Do not pass struct ib_device to the ioctl methods 2018-08-01 14:55:48 -06:00
uverbs_std_types_mr.c IB/uverbs: Do not pass struct ib_device to the ioctl methods 2018-08-01 14:55:48 -06:00
uverbs_uapi.c IB/uverbs: Free uapi on destroy 2018-09-25 14:47:33 -06:00
verbs.c Linux 4.18 2018-08-16 13:12:00 -06:00