Commit Graph

10 Commits

Author SHA1 Message Date
Gustavo A. R. Silva fee05f455c drivers/misc/sgi-gru: fix Spectre v1 vulnerability
req.gid can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

vers/misc/sgi-gru/grukdump.c:200 gru_dump_chiplet_request() warn:
potential spectre issue 'gru_base' [w]

Fix this by sanitizing req.gid before calling macro GID_TO_GRU, which
uses it to index gru_base.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-11 09:13:19 -08:00
Sudip Mukherjee c2ed545cee drivers/misc/sgi-gru: remove always false condition
The member gid in struct gru_dump_chiplet_state_req is unsigned int. So
it can never be less than 0.

Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Acked-by: Dimitri Sivanich <sivanich@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-09-20 19:27:59 -07:00
Sudip Mukherjee a010d27617 drivers/misc/sgi-gru: add return on error
If the buffer is too small then return the error and in the process
remove the variables which became unused.

Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Acked-by: Dimitri Sivanich <sivanich@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-09-20 19:27:58 -07:00
Dan Carpenter b6a83d928c drivers/misc/sgi-gru/grukdump.c: cleanup gru_dump_context() a little
"ret" is zero here so we can remove the "!ret" part of the condition.
"uhdr" is alread a __user pointer so we can remove the cast.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Dimitri Sivanich <sivanich@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-04-07 16:36:09 -07:00
Dan Carpenter 49d3d6c37a drivers/misc/sgi-gru/grukdump.c: unlocking should be conditional in gru_dump_context()
I was reviewing this and noticed that unlocking should be conditional on
the error path.  I've changed it to unlock and return directly since we
only do it once and it seems unlikely to change in the near future.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Dimitri Sivanich <sivanich@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-10 16:01:39 -08:00
Jack Steiner b8229bedd1 gru: add debug option for cache flushing
Add a debug option to the SGI GRU driver for flushing GRU cache lines from
memory.  In theory this is not needed but it is useful for debugging.
This has no use by end users.

Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-12-16 07:20:15 -08:00
Jack Steiner 8820f27ad9 gru: copyright fixes
Fix the copyright statements in a couple of GRU files.  No functional
changes are being made.

Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-18 13:04:04 -07:00
Jack Steiner 2b702b28ad gru: fixes to grudump utility
Minor fixes to the SGI GRU grudump facility:
	- fix address where user data is written
	- add gru number to data passed to user
	- indicate if context is locked

Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-18 13:04:04 -07:00
Jack Steiner 836ce679c0 gru: change resource assignment for kernel threads
Change the way GRU resources are assigned for kernel threads.  GRU
contexts for kernel threads are now allocated on demand and can be stolen
by user processes when idle.  This allows MPI jobs to use ALL of the GRU
resources when the kernel is not using them.

Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-18 13:04:00 -07:00
Jack Steiner 9cc9b056ea gru: dump chiplet state
Add support for dumpping the state of an entire GRU chiplet.

Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-06-18 13:03:59 -07:00