cstate: Fix possible Spectre-v1 for pkg_msr

Peter Zijlstra Fri, 20 Apr 2018 06:21:08 -0700

> arch/x86/events/intel/cstate.c:307 cstate_pmu_event_init() warn: potential 
> spectre issue 'pkg_msr' (local cap)


Userspace controls @attr, sanitize cfg (attr->config) before using it
to index an array.

Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Peter Zijlstra <[email protected]>
---
 arch/x86/events/intel/cstate.c |    1 +
 1 file changed, 1 insertion(+)

--- a/arch/x86/events/intel/cstate.c
+++ b/arch/x86/events/intel/cstate.c
@@ -302,6 +302,7 @@ static int cstate_pmu_event_init(struct
        } else if (event->pmu == &cstate_pkg_pmu) {
                if (cfg >= PERF_CSTATE_PKG_EVENT_MAX)
                        return -EINVAL;
+               cfg = array_index_nospec(cfg, PERF_CSTATE_PKG_EVENT_MAX);
                if (!pkg_msr[cfg].attr)
                        return -EINVAL;
                event->hw.event_base = pkg_msr[cfg].msr;

[PATCH 5/7] perf,x86/cstate: Fix possible Spectre-v1 for pkg_msr

Reply via email to