iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/infiniband/core
History
Gustavo A. R. Silva a3671a4f97 RDMA/ucma: Fix Spectre v1 vulnerability 
hdr.cmd can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/infiniband/core/ucma.c:1686 ucma_write() warn: potential
spectre issue 'ucma_cmd_table' [r] (local cap)

Fix this by sanitizing hdr.cmd before using it to index
ucm_cmd_table.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2018-10-16 12:47:40 -04:00
..
addr.c
RDMA/core: Constify dst_addr argument
2018-07-30 20:49:04 -06:00
agent.c
IB/core: Rename ib_destroy_ah to rdma_destroy_ah
2017-05-01 14:32:43 -04:00
agent.h
IB/mad: Add final OPA MAD processing
2015-06-12 14:49:18 -04:00
cache.c
RDMA/core: Set right entry state before releasing reference
2018-09-25 15:01:09 -06:00
cgroup.c
IB/core: added support to use rdma cgroup controller
2017-01-10 11:14:27 -05:00
cm_msgs.h
IB/cm: Remove unused and erroneous msg sequence encoding
2018-07-09 11:39:28 -06:00
cm.c
IB/core: Introduce and use sgid_attr in CM requests
2018-07-26 09:47:47 -06:00
cma_configfs.c
IB/cma: use strlcpy() instead of strncpy()
2018-01-15 15:33:21 -07:00
cma_priv.h
RDMA/cma: Move rdma_cm_state to cma_priv.h
2018-03-29 13:54:21 -06:00
cma.c
RDMA/cma: Protect cma dev list with lock
2018-09-06 13:01:59 -06:00
core_priv.h
IB/core: Change filter function return type from int to bool
2018-08-15 13:33:20 -06:00
cq.c
RDMA/core: Reduce poll batch for direct cq polling
2018-03-06 20:08:39 -07:00
device.c
RDMA/core: Remove {create,destroy}_ah from mandatory verbs
2018-07-30 20:31:09 -06:00
fmr_pool.c
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
iwcm.c
RDMA/netlink: Fix general protection fault
2017-12-07 15:28:07 -05:00
iwcm.h
iw_cm: free cm_id resources on the last deref
2016-08-02 13:15:18 -04:00
iwpm_msg.c
RDMA/iwpm: Properly mark end of NL messages
2017-09-29 11:32:42 -04:00
iwpm_util.c
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
iwpm_util.h
iwpm: crash fix for large connections test
2016-03-16 13:48:32 -04:00
mad_priv.h
IB/mad: Use IDR for agent IDs
2018-06-18 11:22:54 -06:00
mad_rmpp.c
IB/mad: Change slid in RMPP recv from 16 to 32 bits
2017-08-08 14:47:18 -04:00
mad_rmpp.h
mad.c
RDMA/core: Simplify ib_post_(send|recv|srq_recv)() calls
2018-07-24 16:06:36 -06:00
Makefile
IB/uverbs: Remove struct uverbs_root_spec and all supporting code
2018-08-13 09:17:19 -06:00
mr_pool.c
IB/core: add a simple MR pool
2016-05-13 13:37:18 -04:00
multicast.c
IB: Make ib_init_ah_from_mcmember set sgid_attr
2018-06-25 14:19:56 -06:00
netlink.c
RDMA/netlink: Simplify code of autoload modules
2018-01-02 13:36:57 -07:00
nldev.c
RDMA/nldev: Return port capability flag for IB only
2018-06-18 11:09:05 -06:00
opa_smi.h
IB: Add rdma_cap_ib_switch helper and use where appropriate
2015-07-14 13:20:08 -04:00
packer.c
IB/core: trivial prink cleanup.
2016-03-03 10:20:25 -05:00
rdma_core.c
IB/core: Release object lock if destroy failed
2018-09-04 15:07:55 -06:00
rdma_core.h
IB/uverbs: Remove struct uverbs_root_spec and all supporting code
2018-08-13 09:17:19 -06:00
restrack.c
RDMA/restrack: Change SPDX tag to properly reflect license
2018-06-05 14:04:20 -06:00
roce_gid_mgmt.c
IB/core: Change filter function return type from int to bool
2018-08-15 13:33:20 -06:00
rw.c
RDMA/core: Simplify ib_post_(send|recv|srq_recv)() calls
2018-07-24 16:06:36 -06:00
sa_query.c
RDMA: Validate grh_required when handling AVs
2018-07-10 11:13:04 -06:00
sa.h
security.c
IB/core: Use CONFIG_SECURITY_INFINIBAND to compile out security code
2018-05-01 11:16:36 -04:00
smi.c
IB: Add rdma_cap_ib_switch helper and use where appropriate
2015-07-14 13:20:08 -04:00
smi.h
IB: Add rdma_cap_ib_switch helper and use where appropriate
2015-07-14 13:20:08 -04:00
sysfs.c
IB/core: Replace ib_query_gid with rdma_get_gid_attr
2018-06-18 11:09:05 -06:00
ucm.c
IB/ucm: Fix Spectre v1 vulnerability
2018-10-16 11:32:40 -04:00
ucma.c
RDMA/ucma: Fix Spectre v1 vulnerability
2018-10-16 12:47:40 -04:00
ud_header.c
IB/core: trivial prink cleanup.
2016-03-03 10:20:25 -05:00
umem_odp.c
mm, oom: distinguish blockable mode for mmu notifiers
2018-08-22 10:52:44 -07:00
umem.c
RDMA/umem: Refactor exit paths in ib_umem_get
2018-07-13 12:15:05 -06:00
user_mad.c
IB: Make ib_init_ah_attr_from_wc set sgid_attr
2018-06-25 14:19:56 -06:00
uverbs_cmd.c
RDMA/uverbs: Fix validity check for modify QP
2018-09-20 16:47:30 -06:00
uverbs_ioctl.c
IB/uverbs: Do not check for device disassociation during ioctl
2018-08-13 09:17:19 -06:00
uverbs_main.c
RDMA/uverbs: Atomically flush and mark closed the comp event queue
2018-09-12 15:43:15 -06:00
uverbs_marshall.c
IB/cm: Replace members of sa_path_rec with 'struct sgid_attr *'
2018-06-25 14:19:57 -06:00
uverbs_std_types_counters.c
IB/uverbs: Use uverbs_alloc for allocations
2018-08-13 09:16:13 -06:00
uverbs_std_types_cq.c
IB/uverbs: Do not pass struct ib_device to the ioctl methods
2018-08-01 14:55:48 -06:00
uverbs_std_types_dm.c
IB/uverbs: Do not pass struct ib_device to the ioctl methods
2018-08-01 14:55:48 -06:00
uverbs_std_types_flow_action.c
IB/uverbs: Do not pass struct ib_device to the ioctl methods
2018-08-01 14:55:48 -06:00
uverbs_std_types_mr.c
IB/uverbs: Do not pass struct ib_device to the ioctl methods
2018-08-01 14:55:48 -06:00
uverbs_std_types.c
IB/uverbs: Remove the ib_uverbs_attr pointer from each attr
2018-08-10 16:06:24 -06:00
uverbs_uapi.c
IB/uverbs: Free uapi on destroy
2018-09-25 14:47:33 -06:00
uverbs.h
IB/uverbs: Remove struct uverbs_root_spec and all supporting code
2018-08-13 09:17:19 -06:00
verbs.c
Linux 4.18
2018-08-16 13:12:00 -06:00