linux/drivers/char
Gustavo A. R. Silva d3faea2d15 char/mwave: fix potential Spectre v1 vulnerability
commit 701956d401 upstream.

ipcnum is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/char/mwave/mwavedd.c:299 mwave_ioctl() warn: potential spectre issue 'pDrvData->IPCs' [w] (local cap)

Fix this by sanitizing ipcnum before using it to index pDrvData->IPCs.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-31 08:14:36 +01:00
agp char: amd64-agp: Use 64-bit arithmetic instead of 32-bit 2018-07-10 13:50:31 +10:00
hw_random Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
ipmi ipmi: Don't initialize anything in the core until something uses it 2019-01-26 09:32:44 +01:00
mwave char/mwave: fix potential Spectre v1 vulnerability 2019-01-31 08:14:36 +01:00
pcmcia char: pcmcia: remove redundant pointer dev 2018-07-03 13:01:57 +02:00
tpm tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x 2019-01-09 17:38:49 +01:00
xilinx_hwicap
xillybus PCI: Add Altera vendor ID 2018-03-14 19:13:47 +01:00
adi.c char: sparc64: Add privileged ADI driver 2018-06-05 11:24:55 -07:00
apm-emulation.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
applicom.c
applicom.h
bsr.c
ds1620.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
dsp56k.c
dtlk.c
efirtc.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
generic_nvram.c
hangcheck-timer.c
hpet.c hpet: remove redundant pointer hpet 2018-07-03 13:01:57 +02:00
Kconfig random: make CPU trust a boot parameter 2018-09-01 12:51:54 -04:00
lp.c
Makefile char: sparc64: Add privileged ADI driver 2018-06-05 11:24:55 -07:00
mbcs.c
mbcs.h
mem.c Char/Misc driver patches for 4.19-rc1 2018-08-18 11:04:51 -07:00
misc.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
mspec.c char: mspec: change return type to vm_fault_t 2018-04-23 13:51:53 +02:00
nsc_gpio.c
nvram.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
nwbutton.c
nwbutton.h
nwflash.c
pc8736x_gpio.c
powernv-op-panel.c
ppdev.c
ps3flash.c
random.c random: make CPU trust a boot parameter 2018-09-01 12:51:54 -04:00
raw.c treewide: Use array_size() in vzalloc() 2018-06-12 16:19:22 -07:00
rtc.c char: rtc: remove task handling 2018-08-02 17:16:03 +02:00
scx200_gpio.c
snsc_event.c
snsc.c
snsc.h
sonypi.c
tb0219.c
tlclk.c
toshiba.c proc: introduce proc_create_single{,_data} 2018-05-16 07:23:35 +02:00
ttyprintk.c
uv_mmtimer.c
virtio_console.c virtio: virtconsole: Use seq_file for debugfs operations 2018-07-16 12:03:53 +02:00