cryptodev: prevent speculative load related leak
Jeetesh Burman [Tue, 27 Mar 2018 09:47:52 +0000 (14:47 +0530)]
Data can be speculatively loaded from memory and stay in cache even
when bound check fails. This can lead to unintended information
disclosure via side-channel analysis.

To mitigate this problem, insert speculation barrier.

bug 2039126
CVE-2017-5753

Change-Id: Id85eb9c91932f358dd999b28dd53d7788b37ea04
Signed-off-by: David Gilhooley <dgilhooley@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1640356
Signed-off-by: James Huang <jamehuang@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1650014
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1682713
Reviewed-by: Automatic_Commit_Validation_User
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>

drivers/misc/tegra-cryptodev.c

index 586471c..3690d73 100644 (file)
@@ -36,6 +36,7 @@
 #include <crypto/hash.h>
 
 #include "tegra-cryptodev.h"
+#include <asm/barrier.h>
 
 #define NBUFS 2
 #define XBUFSIZE 8
@@ -151,6 +152,7 @@ static int process_crypt_req(struct file *filp, struct tegra_crypto_ctx *ctx,
        char aes_algo[5][10] = {"ecb(aes)", "cbc(aes)", "ofb(aes)", "ctr(aes)"};
 
        if (crypt_req->op != TEGRA_CRYPTO_CBC) {
+               speculation_barrier();
                tfm = crypto_alloc_ablkcipher(aes_algo[crypt_req->op],
                        CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 0);
                if (IS_ERR(tfm)) {
@@ -835,6 +837,7 @@ rng_out:
                        return -EINVAL;
                }
 
+               speculation_barrier();
                ret = tegra_crypt_rsa(filp, ctx, &rsa_req);
                break;