perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr

Linux-MTD Mailing List linux-mtd at lists.infradead.org
Mon May 14 05:59:13 PDT 2018 

Gitweb:     http://git.infradead.org/?p=mtd-2.6.git;a=commit;h=a5f81290ce475489fa2551c01a07470c1a4c932e
Commit:     a5f81290ce475489fa2551c01a07470c1a4c932e
Parent:     06ce6e9b6d6c09d4129c6e24a1314a395d816c10
Author:     Peter Zijlstra <peterz at infradead.org>
AuthorDate: Fri Apr 20 14:25:48 2018 +0200
Committer:  Ingo Molnar <mingo at kernel.org>
CommitDate: Sat May 5 08:37:31 2018 +0200

    perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
    
    > arch/x86/events/intel/cstate.c:307 cstate_pmu_event_init() warn: potential spectre issue 'pkg_msr' (local cap)
    
    Userspace controls @attr, sanitize cfg (attr->config) before using it
    to index an array.
    
    Reported-by: Dan Carpenter <dan.carpenter at oracle.com>
    Signed-off-by: Peter Zijlstra (Intel) <peterz at infradead.org>
    Cc: <stable at kernel.org>
    Cc: Alexander Shishkin <alexander.shishkin at linux.intel.com>
    Cc: Arnaldo Carvalho de Melo <acme at redhat.com>
    Cc: Jiri Olsa <jolsa at redhat.com>
    Cc: Linus Torvalds <torvalds at linux-foundation.org>
    Cc: Peter Zijlstra <peterz at infradead.org>
    Cc: Stephane Eranian <eranian at google.com>
    Cc: Thomas Gleixner <tglx at linutronix.de>
    Cc: Vince Weaver <vincent.weaver at maine.edu>
    Signed-off-by: Ingo Molnar <mingo at kernel.org>
---
 arch/x86/events/intel/cstate.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/events/intel/cstate.c b/arch/x86/events/intel/cstate.c
index 9aca448bb8e6..9f8084f18d58 100644
--- a/arch/x86/events/intel/cstate.c
+++ b/arch/x86/events/intel/cstate.c
@@ -92,6 +92,7 @@
 #include <linux/module.h>
 #include <linux/slab.h>
 #include <linux/perf_event.h>
+#include <linux/nospec.h>
 #include <asm/cpu_device_id.h>
 #include <asm/intel-family.h>
 #include "../perf_event.h"
@@ -302,6 +303,7 @@ static int cstate_pmu_event_init(struct perf_event *event)
 	} else if (event->pmu == &cstate_pkg_pmu) {
 		if (cfg >= PERF_CSTATE_PKG_EVENT_MAX)
 			return -EINVAL;
+		cfg = array_index_nospec((unsigned long)cfg, PERF_CSTATE_PKG_EVENT_MAX);
 		if (!pkg_msr[cfg].attr)
 			return -EINVAL;
 		event->hw.event_base = pkg_msr[cfg].msr;

More information about the linux-mtd-cvs mailing list