diff options
| author | Jeetesh Burman <jburman@nvidia.com> | 2018-02-14 16:18:40 +0530 |
|---|---|---|
| committer | Winnie Hsu <whsu@nvidia.com> | 2018-04-03 10:44:20 -0700 |
| commit | 92779c767e5e7c750cdea0c392e3f31befc37921 (patch) | |
| tree | 405985c1aafde5cfa563fdf8aa3a214fa3adfc4a /drivers/media/v4l2-core | |
| parent | aba332e1dc32edfed73448364f2a88457738a270 (diff) | |
drivers: speculative load before bound-check
Data can be speculatively loaded from memory and stay in cache even
when bound check fails. This can lead to unintended information
disclosure via side-channel analysis.
To mitigate this problem, insert speculation barrier.
Bug 1964290
CVE-2017-5753
Change-Id: I7382dbcc6e9f352fafd457301beafe753925f3c4
Signed-off-by: Hien Goi <hgoi@nvidia.com>
Signed-off-by: James Huang <jamehuang@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1650791
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
(cherry picked from commit 5cabd53985a30aa818896abdb64564a74c09ab9c)
Reviewed-on: https://git-master.nvidia.com/r/1660772
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Diffstat (limited to 'drivers/media/v4l2-core')
| -rw-r--r-- | drivers/media/v4l2-core/videobuf2-core.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c index e3bdc3be91e1..60ba606afc56 100644 --- a/drivers/media/v4l2-core/videobuf2-core.c +++ b/drivers/media/v4l2-core/videobuf2-core.c @@ -23,6 +23,7 @@ #include <media/v4l2-fh.h> #include <media/v4l2-event.h> #include <media/videobuf2-core.h> +#include <asm/barrier.h> static int debug; module_param(debug, int, 0644); @@ -1800,6 +1801,8 @@ int vb2_expbuf(struct vb2_queue *q, struct v4l2_exportbuffer *eb) return -EINVAL; } + speculation_barrier(); + vb = q->bufs[eb->index]; if (eb->plane >= vb->num_planes) { |