Data can be speculatively loaded from memory and stay in cache even
when bound check fails. This can lead to unintended information
disclosure via side-channel analysis.
To mitigate this problem, insert speculation barrier.
bug
2039126
CVE-2017-5753
Change-Id: Id85eb9c91932f358dd999b28dd53d7788b37ea04
Signed-off-by: David Gilhooley <dgilhooley@nvidia.com>
Reviewed-by: Mallikarjun Kasoju <mkasoju@nvidia.com>
Reviewed-by: Bitan Biswas <bbiswas@nvidia.com>
Signed-off-by: James Huang <jamehuang@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/
1650014
Reviewed-by: Hayden Du <haydend@nvidia.com>
(cherry picked from commit
25bd9436b11f41e23048c9515deae97900a46669)
Reviewed-on: https://git-master.nvidia.com/r/
1650738
GVS: Gerrit_Virtual_Submit
Reviewed-by: Prabhu Kuttiyam <pkuttiyam@nvidia.com>
Tested-by: Prabhu Kuttiyam <pkuttiyam@nvidia.com>
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
#include <crypto/akcipher.h>
#include "tegra-cryptodev.h"
+#include <asm/barrier.h>
#define NBUFS 2
#define XBUFSIZE 8
if (crypt_req->op != TEGRA_CRYPTO_CBC) {
if (crypt_req->op >= TEGRA_CRYPTO_MAX)
return -EINVAL;
+ speculation_barrier();
tfm = crypto_alloc_ablkcipher(aes_algo[crypt_req->op],
CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 0);
rsa_req_ah.msg_len);
return -EINVAL;
}
+ speculation_barrier();
ret = tegra_crypt_rsa_ahash(filp, ctx, &rsa_req_ah);
break;
return -EINVAL;
}
+ speculation_barrier();
ret = tegra_crypt_rsa(filp, ctx, &rsa_req);
break;