Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9ae2d8e7 authored May 23, 2024 by Hagar Hemdan Committed by Greg Kroah-Hartman Nov 08, 2024

gpio: prevent potential speculation leaks in gpio_device_get_desc()



commit d795848ecce24a75dfd46481aee066ae6fe39775 upstream.

Userspace may trigger a speculative read of an address outside the gpio
descriptor array.
Users can do that by calling gpio_ioctl() with an offset out of range.
Offset is copied from user and then used as an array index to get
the gpio descriptor without sanitization in gpio_device_get_desc().

This change ensures that the offset is sanitized by using
array_index_nospec() to mitigate any possibility of speculative
information leaks.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Signed-off-by: Hagar Hemdan <hagarhem@amazon.com>
Link: https://lore.kernel.org/r/20240523085332.1801-1-hagarhem@amazon.com


Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent e8f9c4af

Hide whitespace changes

Inline Side-by-side

Manu Suresh @manu.suresh
mentioned in commit 8ee3ff60
· May 15, 2025

mentioned in commit 8ee3ff60

mentioned in commit 8ee3ff60103d85ad00366866387645645c52deeb

Toggle commit list

Please register or to comment