From patchwork Tue Aug 22 11:13:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hari Prasath Gujulan Elango X-Patchwork-Id: 13360496 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B2C33EE4993 for ; Tue, 22 Aug 2023 11:14:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=B3tXKUKH3YdPctbVQqjPHqrAQw3xhT4pJhYW5avbfuU=; b=LVdup1prwTIOcH FG1+UrJ5Ny+UmyVF3WGowAMlgDNScApfD24g/O3mdk8iToSEH4DN6QnYuE5T+2dMgTypBXMtBVW4R yfjjinZwDbgWWMW4r4tWDqxu2nnLPHIMk/fS8B5HNwskoH2rm8LqN8yLSNkjDezTd9hUI8yI0Yt9R FfYpFaAf1kQvfhJaUgS2SI954x/WVjlQBW3+FS0djq0G8B3VBElKQ3TvXLGFRHGr95ohlojfIAXCX if0kJRr78456YyDzTusJDaa/N642htcyvRYTGAm6XPEWzXiE+1DzWID25WyzYijxf2AzXxSojJ+ga zDfuXwHpV+HMvm7+lSPA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qYPKN-00FnuN-05; Tue, 22 Aug 2023 11:13:39 +0000 Received: from esa.microchip.iphmx.com ([68.232.153.233]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qYPKJ-00FntY-29 for linux-arm-kernel@lists.infradead.org; Tue, 22 Aug 2023 11:13:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=microchip.com; i=@microchip.com; q=dns/txt; s=mchp; t=1692702815; x=1724238815; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=0BmNgT7Lq4jLEOqmdKssa+DAw9AJFd3Z4vEXWDUvxbs=; b=D5dz79pHha9c3wZZuFAByQv869/0YBQSD/33cu+cObXUBC1lv+uiopjD 4S3dlaXAYN4vdph837jbqjWrj1dXIskIPGXMUZfn7UGnGEbUWsR+kJu0b fYVtqMWgPmpA4U7w88FoPgslbCqIh7mTpZGFFSAsP/OD6K5Fzu6f3kWsW fUNw6ZHzrHYsxWEGu8JtdPFk4EwAxfPfymXI6zut9FSSjx4+RLxIRpSlv 5bHnBCi4Tm4BB+qxWTTZW8ecxKNw9VP13lwdNU+k8vt3xyCkHcRT5MxW9 FtFiHd51ZhdMmRFMHT7L0l/Xgkmz+VCT/+JJj94dcT1ZI9i37V0pwJgrx w==; X-IronPort-AV: E=Sophos;i="6.01,192,1684825200"; d="scan'208";a="648107" X-Amp-Result: SKIPPED(no attachment in message) Received: from unknown (HELO email.microchip.com) ([170.129.1.10]) by esa1.microchip.iphmx.com with ESMTP/TLS/AES256-SHA256; 22 Aug 2023 04:13:32 -0700 Received: from chn-vm-ex04.mchp-main.com (10.10.85.152) by chn-vm-ex02.mchp-main.com (10.10.85.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.21; Tue, 22 Aug 2023 04:13:32 -0700 Received: from che-lt-i63539.microchip.com (10.10.115.15) by chn-vm-ex04.mchp-main.com (10.10.85.152) with Microsoft SMTP Server id 15.1.2507.21 via Frontend Transport; Tue, 22 Aug 2023 04:13:27 -0700 From: Hari Prasath Gujulan Elango To: , , , , , CC: , , , Hari Prasath Gujulan Elango Subject: [PATCH] serial: atmel: Fix Spectre v1 vulnerability reported by smatch Date: Tue, 22 Aug 2023 16:43:21 +0530 Message-ID: <20230822111321.56434-1-Hari.PrasathGE@microchip.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230822_041335_718337_40CAC540 X-CRM114-Status: GOOD ( 12.71 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org smatch reports the below spectre variant 1 vulnerability. drivers/tty/serial/atmel_serial.c:2675 atmel_console_setup() warn: potential spectre issue 'atmel_ports' [r] (local cap) Fix the same by using the array_index_nospec() to mitigate this potential vulnerability especially because the console index is controlled by user-space. Signed-off-by: Hari Prasath Gujulan Elango --- drivers/tty/serial/atmel_serial.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c index 3467a875641a..25f004dd9efd 100644 --- a/drivers/tty/serial/atmel_serial.c +++ b/drivers/tty/serial/atmel_serial.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include @@ -2662,13 +2663,23 @@ static void __init atmel_console_get_options(struct uart_port *port, int *baud, static int __init atmel_console_setup(struct console *co, char *options) { - struct uart_port *port = &atmel_ports[co->index].uart; - struct atmel_uart_port *atmel_port = to_atmel_uart_port(port); + struct uart_port *port; + struct atmel_uart_port *atmel_port; int baud = 115200; int bits = 8; int parity = 'n'; int flow = 'n'; + if (unlikely(co->index < 0 || co->index >= ATMEL_MAX_UART)) + return -ENODEV; + + co->index = array_index_nospec(co->index, ATMEL_MAX_UART); + port = &atmel_ports[co->index].uart; + if (!port) + return -ENODEV; + + atmel_port = to_atmel_uart_port(port); + if (port->membase == NULL) { /* Port not initialized yet - delay setup */ return -ENODEV;