github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-14 10:03:05 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
4d5f99ec00
linux/drivers/usb/gadget
History
Gustavo A. R. Silva 87f8db6581 usb: gadget: storage: Fix Spectre v1 vulnerability 
commit 9ae24af366 upstream.

num can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/usb/gadget/function/f_mass_storage.c:3177 fsg_lun_make() warn:
potential spectre issue 'fsg_opts->common->luns' [r] (local cap)

Fix this by sanitizing num before using it to index
fsg_opts->common->luns

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: Felipe Balbi <felipe.balbi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-10 07:41:43 -08:00
..
function usb: gadget: storage: Fix Spectre v1 vulnerability 2018-11-10 07:41:43 -08:00
legacy USB: gadgetfs: Fix a potential memory leak in 'dev_config()' 2017-12-16 10:33:52 +01:00
udc usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] 2018-10-10 08:52:12 +02:00
composite.c usb: gadget: composite: fix delayed_status race condition when set_interface 2018-08-24 13:26:54 +02:00
config.c usb: gadget: add usb otg descriptor allocate and init interface 2015-07-29 09:59:21 -05:00
configfs.c usb: gadget: configs: plug memory leak 2017-12-16 10:33:52 +01:00
configfs.h
epautoconf.c usb: gadget: epautoconf: add usb_ep_autoconfig_release() function 2015-09-27 10:54:31 -05:00
functions.c
Kconfig usb: gadget: mass_storage: allow for deeper queue lengths 2015-09-27 10:54:31 -05:00
Makefile usb: gadget: use $(srctree) instead of $(PWD) for includes 2014-08-29 15:53:46 -05:00
u_f.c usb: gadget: align buffer size when allocating for OUT endpoint 2018-04-08 11:51:56 +02:00
u_f.h usb: gadget: align buffer size when allocating for OUT endpoint 2018-04-08 11:51:56 +02:00
u_os_desc.h
usbstring.c