[PATCH] powerpc/kernel: Fix potential spectre v1 in syscall
Breno Leitao
leitao at debian.org
Tue Mar 12 20:05:43 AEDT 2024
On Tue, Mar 12, 2024 at 08:17:42AM +0000, Christophe Leroy wrote:
> +Nathan as this is RTAS related.
>
> Le 21/08/2018 à 20:42, Breno Leitao a écrit :
> > The rtas syscall reads a value from a user-provided structure and uses it
> > to index an array, being a possible area for a potential spectre v1 attack.
> > This is the code that exposes this problem.
> >
> > args.rets = &args.args[nargs];
> >
> > The nargs is an user provided value, and the below code is an example where
> > the 'nargs' value would be set to XX.
> >
> > struct rtas_args ra;
> > ra.nargs = htobe32(XX);
> > syscall(__NR_rtas, &ra);
>
>
> This patch has been hanging around in patchwork since 2018 and doesn't
> apply anymore. Is it still relevant ? If so, can you rebase et resubmit ?
This seems to be important, since nargs is a user-provided value. I can
submit it if the maintainers are willing to accept. I do not want to
spend my time if no one is willing to review it.
Thanks for revamping this one.
More information about the Linuxppc-dev
mailing list