drivers: speculative load before bound-check
authorJeetesh Burman <jburman@nvidia.com>
Thu, 29 Mar 2018 18:16:44 +0000 (23:16 +0530)
committerMatthew Pedro <mapedro@nvidia.com>
Tue, 10 Apr 2018 05:10:39 +0000 (22:10 -0700)
commit132cd685fa6fd5fd590f69631cea08378dcb1d9a
tree850ab635a128600575683c7c2cadf0a9b9d8d22c
parent8faa8458c98e48d64fb73a9d7aa8b06e68a6cc40
drivers: speculative load before bound-check

Data can be speculatively loaded from memory and stay in cache even
when bound check fails. This can lead to unintended information
disclosure via side-channel analysis.

To mitigate this problem, insert speculation barrier.

Bug 1964290
CVE-2017-5753

Change-Id: I7382dbcc6e9f352fafd457301beafe753925f3c4
Signed-off-by: Hien Goi <hgoi@nvidia.com>
Signed-off-by: James Huang <jamehuang@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1650791
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
(cherry picked from commit 5cabd53985a30aa818896abdb64564a74c09ab9c)
Reviewed-on: https://git-master.nvidia.com/r/1684500
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
drivers/media/i2c/ad9389b.c
drivers/media/i2c/adv7604.c
drivers/media/i2c/ov7670.c
drivers/media/i2c/ov9650.c
drivers/media/i2c/s5c73m3/s5c73m3-core.c
drivers/media/i2c/s5k6aa.c
drivers/media/v4l2-core/videobuf2-core.c