dpaa2-eth: Fix potential spectre issue (5a20a093) · Commits · 戴 / test

Smatch reports a potential spectre vulnerability in the dpaa2-eth driver, where the value of rxnfc->fs.location (which is provided from user-space) is used as index in an array. Add a call to array_index_nospec() to sanitize the access. Signed-off-by:

Ioana Radulescu <ruxandra.radulescu@nxp.com> Signed-off-by:

David S. Miller <davem@davemloft.net>

drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,7 @@
		*/

		#include <linux/net_tstamp.h>
		#include <linux/nospec.h>

		#include "dpni.h" /* DPNI_LINK_OPT_* */
		#include "dpaa2-eth.h"
		@@ -648,6 +649,8 @@ static int dpaa2_eth_get_rxnfc(struct net_device *net_dev,
		case ETHTOOL_GRXCLSRULE:
		if (rxnfc->fs.location >= max_rules)
		return -EINVAL;
		rxnfc->fs.location = array_index_nospec(rxnfc->fs.location,
		max_rules);
		if (!priv->cls_rules[rxnfc->fs.location].in_use)
		return -EINVAL;
		rxnfc->fs = priv->cls_rules[rxnfc->fs.location].fs;

Admin message