From: James Huang <jamehuang@nvidia.com>
Date: Thu, 1 Feb 2018 02:38:00 +0000 (+0800)
Subject: cryptodev: prevent speculative load related leak
X-Git-Url: https://rtime.felk.cvut.cz/gitweb/hercules2020/nv-tegra/linux-4.4.git/commitdiff_plain/bc37cf39982a8d2591e0853c13502038194f3fc6

cryptodev: prevent speculative load related leak

Data can be speculatively loaded from memory and stay in cache even
when bound check fails. This can lead to unintended information
disclosure via side-channel analysis.

To mitigate this problem, insert speculation barrier.

bug 2039126
CVE-2017-5753

Change-Id: Id85eb9c91932f358dd999b28dd53d7788b37ea04
Signed-off-by: David Gilhooley <dgilhooley@nvidia.com>
Reviewed-by: Mallikarjun Kasoju <mkasoju@nvidia.com>
Reviewed-by: Bitan Biswas <bbiswas@nvidia.com>
Signed-off-by: James Huang <jamehuang@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1650014
Reviewed-by: Hayden Du <haydend@nvidia.com>
(cherry picked from commit 25bd9436b11f41e23048c9515deae97900a46669)
Reviewed-on: https://git-master.nvidia.com/r/1650738
GVS: Gerrit_Virtual_Submit
Reviewed-by: Prabhu Kuttiyam <pkuttiyam@nvidia.com>
Tested-by: Prabhu Kuttiyam <pkuttiyam@nvidia.com>
Reviewed-by: Winnie Hsu <whsu@nvidia.com>
---

diff --git a/drivers/crypto/tegra-cryptodev.c b/drivers/crypto/tegra-cryptodev.c
index 170315e96433..9ea19ef4cd90 100644
--- a/drivers/crypto/tegra-cryptodev.c
+++ b/drivers/crypto/tegra-cryptodev.c
@@ -38,6 +38,7 @@
 #include <crypto/akcipher.h>
 
 #include "tegra-cryptodev.h"
+#include <asm/barrier.h>
 
 #define NBUFS 2
 #define XBUFSIZE 8
@@ -171,6 +172,7 @@ static int process_crypt_req(struct file *filp, struct tegra_crypto_ctx *ctx,
 	if (crypt_req->op != TEGRA_CRYPTO_CBC) {
 		if (crypt_req->op >= TEGRA_CRYPTO_MAX)
 			return -EINVAL;
+		speculation_barrier();
 
 		tfm = crypto_alloc_ablkcipher(aes_algo[crypt_req->op],
 			CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC, 0);
@@ -1296,6 +1298,7 @@ rng_out:
 				rsa_req_ah.msg_len);
 			return -EINVAL;
 		}
+		speculation_barrier();
 		ret = tegra_crypt_rsa_ahash(filp, ctx, &rsa_req_ah);
 		break;
 
@@ -1316,6 +1319,7 @@ rng_out:
 			return -EINVAL;
 		}
 
+		speculation_barrier();
 		ret = tegra_crypt_rsa(filp, ctx, &rsa_req);
 		break;