nv-tegra-mirror/linux-nvgpu
1
0
Fork 0
mirror of git://nv-tegra.nvidia.com/linux-nvgpu.git synced 2025-12-23 18:16:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

gpu: nvgpu: add speculative load barrier (sched IOCTLs)

Browse Source 
Data can be speculatively loaded from memory and stay in cache even
when bound check fails. This can lead to unintended information
disclosure via side-channel analysis.

To mitigate this problem insert a speculation barrier.

bug 2039126
CVE-2017-5753

Change-Id: Iec23eb75ce2a9251c8a5c8cbdd21a32910e1a71a
Signed-off-by: Alex Waterman <alexw@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/1640502
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: Richard Zhao <rizhao@nvidia.com>
GVS: Gerrit_Virtual_Submit
Reviewed-by: Konsta Holtta <kholtta@nvidia.com>
Reviewed-by: Terje Bergstrom <tbergstrom@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
This commit is contained in:
Alex Waterman
2018-01-03 14:57:34 -08:00
committed by mobile promotions
parent ee9694a67b
commit 37b8298a48
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
drivers/gpu/nvgpu/common/linux/sched.c
View File

@@ -22,6 +22,7 @@
#include <nvgpu/kmem.h>
#include <nvgpu/log.h>
#include <nvgpu/bug.h>
#include <nvgpu/barrier.h>
#include "gk20a/gk20a.h"
#include "gk20a/gr_gk20a.h"
@@ -190,6 +191,8 @@ static int gk20a_sched_dev_ioctl_get_params(struct gk20a_sched_ctrl *sched,
if (tsgid >= f->num_channels)
return -EINVAL;
nvgpu_speculation_barrier();
tsg = &f->tsg[tsgid];
if (!nvgpu_ref_get_unless_zero(&tsg->refcount))
return -ENXIO;
@@ -223,6 +226,8 @@ static int gk20a_sched_dev_ioctl_tsg_set_timeslice(
if (tsgid >= f->num_channels)
return -EINVAL;
nvgpu_speculation_barrier();
tsg = &f->tsg[tsgid];
if (!nvgpu_ref_get_unless_zero(&tsg->refcount))
return -ENXIO;
@@ -256,6 +261,8 @@ static int gk20a_sched_dev_ioctl_tsg_set_runlist_interleave(
if (tsgid >= f->num_channels)
return -EINVAL;
nvgpu_speculation_barrier();
tsg = &f->tsg[tsgid];
if (!nvgpu_ref_get_unless_zero(&tsg->refcount))
return -ENXIO;
@@ -316,6 +323,8 @@ static int gk20a_sched_dev_ioctl_get_tsg(struct gk20a_sched_ctrl *sched,
if (tsgid >= f->num_channels)
return -EINVAL;
nvgpu_speculation_barrier();
tsg = &f->tsg[tsgid];
if (!nvgpu_ref_get_unless_zero(&tsg->refcount))
return -ENXIO;
@@ -351,6 +360,8 @@ static int gk20a_sched_dev_ioctl_put_tsg(struct gk20a_sched_ctrl *sched,
if (tsgid >= f->num_channels)
return -EINVAL;
nvgpu_speculation_barrier();
nvgpu_mutex_acquire(&sched->status_lock);
if (!NVGPU_SCHED_ISSET(tsgid, sched->ref_tsg_bitmap)) {
nvgpu_mutex_release(&sched->status_lock);