summaryrefslogtreecommitdiffstats
path: root/ipc/shm.c
diff options
context:
space:
mode:
authorDavidlohr Bueso <dave@stgolabs.net>2018-06-14 15:27:51 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2018-06-15 07:55:25 +0900
commitec67aaa46dce26d671b46c94ac674ad0b67d044c (patch)
treee4819ea3c6b732dfb972c6507ec9f4c962e00129 /ipc/shm.c
parentf1b4bd0676c2b3d4a023cf3f5d535e618f7e6eff (diff)
downloadlinux-stable-ec67aaa46dce26d671b46c94ac674ad0b67d044c.tar.gz
linux-stable-ec67aaa46dce26d671b46c94ac674ad0b67d044c.tar.bz2
linux-stable-ec67aaa46dce26d671b46c94ac674ad0b67d044c.zip
sysvipc/sem: mitigate semnum index against spectre v1
Both smatch and coverity are reporting potential issues with spectre variant 1 with the 'semnum' index within the sma->sems array, ie: ipc/sem.c:388 sem_lock() warn: potential spectre issue 'sma->sems' ipc/sem.c:641 perform_atomic_semop_slow() warn: potential spectre issue 'sma->sems' ipc/sem.c:721 perform_atomic_semop() warn: potential spectre issue 'sma->sems' Avoid any possible speculation by using array_index_nospec() thus ensuring the semnum value is bounded to [0, sma->sem_nsems). With the exception of sem_lock() all of these are slowpaths. Link: http://lkml.kernel.org/r/20180423171131.njs4rfm2yzyeg6do@linux-n805 Signed-off-by: Davidlohr Bueso <dbueso@suse.de> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'ipc/shm.c')
0 files changed, 0 insertions, 0 deletions