linux/fs/ext4
Jeremy Cline 1a5d5e5d51 ext4: fix spectre gadget in ext4_mb_regular_allocator()
'ac->ac_g_ex.fe_len' is a user-controlled value which is used in the
derivation of 'ac->ac_2order'. 'ac->ac_2order', in turn, is used to
index arrays which makes it a potential spectre gadget. Fix this by
sanitizing the value assigned to 'ac->ac2_order'.  This covers the
following accesses found with the help of smatch:

* fs/ext4/mballoc.c:1896 ext4_mb_simple_scan_group() warn: potential
  spectre issue 'grp->bb_counters' [w] (local cap)

* fs/ext4/mballoc.c:445 mb_find_buddy() warn: potential spectre issue
  'EXT4_SB(e4b->bd_sb)->s_mb_offsets' [r] (local cap)

* fs/ext4/mballoc.c:446 mb_find_buddy() warn: potential spectre issue
  'EXT4_SB(e4b->bd_sb)->s_mb_maxs' [r] (local cap)

Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
2018-08-02 00:03:40 -04:00
..
acl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
acl.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
balloc.c ext4: use ext4_warning() for sb_getblk failure 2018-08-01 12:02:31 -04:00
bitmap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
block_validity.c ext4: use 'sbi' instead of 'EXT4_SB(sb)' 2018-01-11 13:17:49 -05:00
dir.c ext4: force revalidation of directory pointer after seekdir(2) 2018-04-01 23:21:03 -04:00
ext4_extents.h ext4: verify the depth of extent tree in ext4_find_extent() 2018-06-14 12:55:10 -04:00
ext4_jbd2.c ext4: shutdown should not prevent get_write_access 2018-02-18 22:07:36 -05:00
ext4_jbd2.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
ext4.h ext4: handle layout changes to pinned DAX mappings 2018-07-29 17:00:22 -04:00
extents_status.c ext4: remove NULL check before calling kmem_cache_destroy() 2018-05-20 22:44:13 -04:00
extents_status.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
extents.c ext4: handle layout changes to pinned DAX mappings 2018-07-29 17:00:22 -04:00
file.c ext4: do not update s_last_mounted of a frozen fs 2018-05-13 22:54:44 -04:00
fsmap.c ext4: make function ‘ext4_getfsmap_find_fixed_metadata’ static 2018-05-10 11:50:04 -04:00
fsmap.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
fsync.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hash.c ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
ialloc.c ext4: use ext4_warning() for sb_getblk failure 2018-08-01 12:02:31 -04:00
indirect.c ext4: fix hole length detection in ext4_ind_map_blocks() 2018-05-12 19:55:00 -04:00
inline.c ext4: fix inline data updates with checksums enabled 2018-07-10 01:07:43 -04:00
inode.c ext4: handle layout changes to pinned DAX mappings 2018-07-29 17:00:22 -04:00
ioctl.c ext4: remove EXT4_STATE_DIOREAD_LOCK flag 2018-03-22 11:52:10 -04:00
Kconfig fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at 2018-01-01 12:45:37 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mballoc.c ext4: fix spectre gadget in ext4_mb_regular_allocator() 2018-08-02 00:03:40 -04:00
mballoc.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
migrate.c ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
mmp.c ext4: use 64-bit timestamps for mmp_time 2018-07-29 15:49:00 -04:00
move_extent.c ext4: use swap macro in mext_page_double_lock 2018-07-29 16:11:59 -04:00
namei.c ext4: reset error code in ext4_find_entry in fallback 2018-07-29 17:13:42 -04:00
page-io.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
readpage.c fscrypt: allow synchronous bio decryption 2018-05-02 14:30:57 -07:00
resize.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
super.c ext4: fix race when setting the bitmap corrupted flag 2018-07-29 17:27:45 -04:00
symlink.c ext4: switch to fscrypt_get_symlink() 2018-01-11 22:10:40 -05:00
sysfs.c ext4: super: extend timestamps to 40 bits 2018-07-29 15:51:48 -04:00
truncate.h ext4: handle layout changes to pinned DAX mappings 2018-07-29 17:00:22 -04:00
xattr_security.c ext4: use XATTR_CREATE in ext4_initxattrs() 2018-05-10 11:52:14 -04:00
xattr_trusted.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xattr_user.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xattr.c ext4: check for NUL characters in extended attribute's name 2018-08-01 12:36:52 -04:00
xattr.h ext4: add extra checks to ext4_xattr_block_get() 2018-03-30 20:04:11 -04:00