github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 06:25:52 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
e77dd99d4b
linux/drivers
History
Gustavo A. R. Silva 1aa698b651 tty: vt_ioctl: fix potential Spectre v1 
commit e97267cb4d upstream.

vsa.console is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/tty/vt/vt_ioctl.c:711 vt_ioctl() warn: potential spectre issue
'vc_cons' [r]

Fix this by sanitizing vsa.console before using it to index vc_cons

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-29 03:08:53 -07:00
..
accessibility
acpi ACPI / PM: save NVS memory for ASUS 1025C laptop 2018-08-22 07:48:37 +02:00
amba ARM: amba: Don't read past the end of sysfs "driver_override" buffer 2018-05-02 07:53:42 -07:00
android binder: add missing binder_unlock() 2018-02-28 10:17:23 +01:00
ata ata: libahci: Correct setting of DEVSLP register 2018-09-19 22:48:58 +02:00
atm atm: zatm: Fix potential Spectre v1 2018-07-22 14:25:52 +02:00
auxdisplay
base x86/speculation/l1tf: Add sysfs reporting for l1tf 2018-08-15 17:42:09 +02:00
bcma bcma: use (get|put)_device when probing/removing device driver 2017-03-12 06:37:30 +01:00
block loop: remember whether sysfs_create_group() was done 2018-07-17 11:31:46 +02:00
bluetooth Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV 2018-09-19 22:48:56 +02:00
bus bus: brcmstb_gisb: correct support for 64-bit address output 2018-04-13 19:50:05 +02:00
cdrom cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status 2018-09-05 09:18:41 +02:00
char tpm: fix race condition in tpm_common_write() 2018-08-15 17:42:04 +02:00
clk clk: imx6ul: fix missing of_node_put() 2018-09-26 08:35:05 +02:00
clocksource clocksource/drivers/fsl_ftm_timer: Fix error return checking 2018-05-30 07:49:01 +02:00
connector
cpufreq cpufreq: Fix new policy initialization during limits updates via sysfs 2018-07-03 11:21:26 +02:00
cpuidle cpuidle: powernv: Fix promotion from snooze if next state disabled 2018-07-03 11:21:29 +02:00
crypto crypto: sharah - Unregister correct algorithms for SAHARA 3 2018-09-26 08:35:06 +02:00
dca
devfreq PM / devfreq: Propagate error from devfreq_add_device() 2018-02-22 15:44:58 +01:00
dio
dma dmaengine: pl330: fix irq race with terminate_all 2018-09-26 08:35:05 +02:00
dma-buf
edac EDAC, mv64x60: Fix an error handling path 2018-04-13 19:50:23 +02:00
eisa
extcon extcon: palmas: Check the parent instance to prevent the NULL 2017-11-21 09:21:18 +01:00
firewire firewire-ohci: work around oversized DMA reads on JMicron controllers 2018-05-30 07:48:52 +02:00
firmware firmware: dmi_scan: Fix handling of empty DMI strings 2018-05-30 07:48:56 +02:00
fmc
fpga
gpio gpiolib: Mark gpio_suffixes array with __maybe_unused 2018-09-26 08:35:09 +02:00
gpu drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() 2018-09-29 03:08:53 -07:00
hid HID: wacom: Correct touch maximum XY of 2nd-gen Intuos 2018-08-24 13:26:57 +02:00
hsi HSI: ssi_protocol: double free in ssip_pn_xmit() 2018-03-24 10:58:42 +01:00
hv Drivers: hv: vmbus: fix build warning 2018-02-25 11:03:46 +01:00
hwmon hwmon: (pmbus/adm1275) Accept negative page register values 2018-05-30 07:49:13 +02:00
hwspinlock
hwtracing coresight: tpiu: Fix disabling timeouts 2018-09-26 08:35:09 +02:00
i2c i2c: i801: fix DNV's SMBCTRL register offset 2018-09-19 22:48:55 +02:00
ide cdrom: do not call check_disk_change() inside cdrom_open() 2018-05-30 07:49:13 +02:00
idle idle: i7300: add PCI dependency 2018-02-25 11:03:51 +01:00
iio iio: ad9523: Fix return value for ad952x_store() 2018-09-09 20:04:33 +02:00
infiniband IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler 2018-09-26 08:35:07 +02:00
input Input: atmel_mxt_ts - only use first T9 instance 2018-09-19 22:48:58 +02:00
iommu iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register 2018-09-26 08:35:04 +02:00
ipack
irqchip irqchip/gic: Make interrupt ID 1020 invalid 2018-09-15 09:40:41 +02:00
isdn isdn: Disable IIOCDBGVAR 2018-08-22 07:48:38 +02:00
leds leds: pca955x: Correct I2C Functionality 2018-04-13 19:50:09 +02:00
lguest
lightnvm lightnvm: put bio before return 2016-09-24 10:07:35 +02:00
macintosh macintosh/via-pmu: Add missing mmio accessors 2018-09-19 22:48:57 +02:00
mailbox mailbox: handle empty message in tx_tick 2017-08-06 19:19:41 -07:00
mcb
md md/raid5: fix data corruption of replacements after originals dropped 2018-09-19 22:48:57 +02:00
media media: videobuf2-core: check for q->error in vb2_core_qbuf() 2018-09-26 08:35:05 +02:00
memory memory: tegra: Apply interrupts mask per SoC 2018-08-06 16:24:38 +02:00
memstick memstick: rtsx_usb_ms: Manage runtime PM when accessing the device 2016-10-28 03:01:35 -04:00
message scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() 2018-05-30 07:48:58 +02:00
mfd mfd: ti_am335x_tscadc: Fix struct clk memory leak 2018-09-19 22:48:59 +02:00
misc mei: bus: type promotion bug in mei_nfc_if_version() 2018-09-26 08:35:10 +02:00
mmc mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register 2018-05-30 07:48:51 +02:00
mtd mtdchar: fix overflows in adjustment of count 2018-09-26 08:35:08 +02:00
net net: hp100: fix always-true check for link up state 2018-09-29 03:08:52 -07:00
nfc NFC: nfcmrvl: double free on error path 2018-03-22 09:23:23 +01:00
ntb ntb_transport: Fix bug with max_mw_size parameter 2018-05-30 07:48:55 +02:00
nubus
nvdimm linvdimm, pmem: Preserve read-only setting for pmem devices 2018-07-03 11:21:31 +02:00
nvme nvme-pci: initialize queue memory before interrupts 2018-07-11 16:03:47 +02:00
nvmem nvmem: imx-ocotp: Fix wrong register size 2017-08-06 19:19:46 -07:00
of of: unittest: for strings, account for trailing \0 in property length field 2018-07-03 11:21:29 +02:00
oprofile
parisc parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode 2018-05-30 07:49:10 +02:00
parport parport: sunbpp: fix error return code 2018-09-26 08:35:09 +02:00
pci PCI: mvebu: Fix I/O space end address calculation 2018-09-15 09:40:39 +02:00
pcmcia
perf drivers/perf: arm_pmu: handle no platform_device 2018-03-22 09:23:26 +01:00
phy phy: work around 'phys' references to usb-nop-xceiv devices 2018-01-23 19:50:16 +01:00
pinctrl pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant 2018-09-26 08:35:10 +02:00
platform platform/x86: alienware-wmi: Correct a memory leak 2018-09-29 03:08:51 -07:00
pnp
power power: supply: pda_power: move from timer to delayed_work 2018-03-24 10:58:45 +01:00
powercap PowerCap: Fix an error code in powercap_register_zone() 2018-04-13 19:50:05 +02:00
pps
ps3
ptp ptp: fix missing break in switch 2018-07-25 10:18:17 +02:00
pwm pwm: tiehrpwm: Fix disabling of output of PWMs 2018-09-09 20:04:35 +02:00
rapidio
ras
regulator regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops 2018-08-06 16:24:35 +02:00
remoteproc
reset
rpmsg
rtc rtc: bq4802: add error handling for devm_ioremap 2018-09-26 08:35:09 +02:00
s390 s390/qeth: reset layer2 attribute on layer switch 2018-09-26 08:35:06 +02:00
sbus
scsi scsi: 3ware: fix return 0 on the error path of probe 2018-09-19 22:48:58 +02:00
sfi
sh
sn
soc soc: qcom/spm: shut up uninitialized variable warning 2016-09-24 10:07:42 +02:00
spi spi: davinci: fix a NULL pointer dereference 2018-09-09 20:04:32 +02:00
spmi spmi: Include OF based modalias in device uevent 2017-07-27 15:06:10 -07:00
ssb ssb: mark ssb_bus_register as __maybe_unused 2018-02-25 11:03:44 +01:00
staging staging/rts5208: Fix read overflow in memcpy 2018-09-19 22:48:56 +02:00
target scsi: target: iscsi: Use hex2bin instead of a re-implementation 2018-09-29 03:08:53 -07:00
tc
thermal thermal: exynos: fix setting rising_threshold for Exynos5433 2018-08-06 16:24:37 +02:00
thunderbolt thunderbolt: Resume control channel after hibernation image is created 2018-04-24 09:32:07 +02:00
tty tty: vt_ioctl: fix potential Spectre v1 2018-09-29 03:08:53 -07:00
uio uio: potential double frees if __uio_register_device() fails 2018-09-19 22:48:57 +02:00
usb USB: serial: ti_usb_3410_5052: fix array underflow in completion handler 2018-09-26 08:35:10 +02:00
uwb uwb: ensure that endpoint is interrupt 2017-10-12 11:27:35 +02:00
vfio vfio/pci: Virtualize Maximum Read Request Size 2018-04-24 09:32:09 +02:00
vhost vhost_net: validate sock before trying to put its fd 2018-07-22 14:25:53 +02:00
video fbdev: Distinguish between interlaced and progressive modes 2018-09-26 08:35:06 +02:00
virt
virtio virtio_balloon: fix another race between migration and ballooning 2018-08-06 16:24:42 +02:00
vlynq
vme vme: Fix wrong pointer utilization in ca91cx42_slave_get 2017-01-19 20:17:21 +01:00
w1 1wire: family module autoload fails because of upper/lower case mismatch. 2018-07-03 11:21:27 +02:00
watchdog watchdog: f71808e_wdt: Fix magic close handling 2018-05-30 07:49:03 +02:00
xen xen: Remove unnecessary BUG_ON from __unbind_from_irq() 2018-07-03 11:21:34 +02:00
zorro zorro: Set up z->dev.dma_mask for the DMA API 2018-05-30 07:49:11 +02:00
Kconfig
Makefile usb: build drivers/usb/common/ when USB_SUPPORT is set 2018-02-25 11:03:38 +01:00