[PATCH] accel/ivpu: Fix potential Spectre issue in debugfs
Greg KH
gregkh at linuxfoundation.org
Fri Aug 8 15:12:20 UTC 2025
On Fri, Aug 08, 2025 at 01:11:20PM +0200, Jacek Lawrynowicz wrote:
> Fix potential Spectre vulnerability in repoted by smatch:
> warn: potential spectre issue 'vdev->hw->hws.grace_period' [w] (local cap)
> warn: potential spectre issue 'vdev->hw->hws.process_grace_period' [w] (local cap)
> warn: potential spectre issue 'vdev->hw->hws.process_quantum' [w] (local cap)
>
> The priority_bands_fops_write() function in ivpu_debugfs.c uses an
> index 'band' derived from user input. This index is used to write to
> the vdev->hw->hws.grace_period, vdev->hw->hws.process_grace_period,
> and vdev->hw->hws.process_quantum arrays.
>
> This pattern presented a potential Spectre Variant 1 (Bounds Check
> Bypass) vulnerability. An attacker-controlled 'band' value could
> theoretically lead to speculative out-of-bounds array writes if the
> CPU speculatively executed these assignments before the bounds check
> on 'band' was fully resolved.
You do know that debugfs access is restricted to root access only, so
spectre issues are the least of your worries if you have root :)
That being said, no real objection from me for this, but there's
probably a metric-ton of these in other debugfs files if you want to
start whacking away at them...
thanks,
greg k-h
More information about the dri-devel
mailing list