evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/char
History
Gustavo A. R. Silva 29f7c747a5 char/mwave: fix potential Spectre v1 vulnerability 
commit 701956d4018e5d5438570e39e8bda47edd32c489 upstream.

ipcnum is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/char/mwave/mwavedd.c:299 mwave_ioctl() warn: potential spectre issue 'pDrvData->IPCs' [w] (local cap)

Fix this by sanitizing ipcnum before using it to index pDrvData->IPCs.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-02-06 19:43:04 +01:00
..
agp agp/intel: Flush all chipset writes after updating the GGTT 2018-03-22 09:23:29 +01:00
hw_random x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros 2018-06-16 09:54:24 +02:00
ipmi ipmi:ssif: Fix handling of multi-part return messages 2019-01-26 09:42:55 +01:00
mwave char/mwave: fix potential Spectre v1 vulnerability 2019-02-06 19:43:04 +01:00
pcmcia pcmcia: remove left-over %Z format 2017-06-07 12:06:01 +02:00
tpm tpm: Restore functionality to xen vtpm driver. 2018-11-21 09:27:33 +01:00
xilinx_hwicap char:xilinx_hwicap:buffer_icap - change 1/0 to true/false for bool type variable in function buffer_icap_set_configuration(). 2015-06-12 16:58:33 -07:00
xillybus char: xillybus: Allow 64-bit DMA on PCIe interface 2015-08-05 12:27:09 -07:00
apm-emulation.c
applicom.c
applicom.h
bfin-otp.c
bsr.c
ds1302.c
ds1620.c
dsp56k.c
dtlk.c
efirtc.c drivers/char: make efirtc.c driver explicitly non-modular 2015-09-20 19:32:35 -07:00
generic_nvram.c
genrtc.c
hangcheck-timer.c hangcheck-timer: cleanup casting in hangcheck_init() 2014-11-07 11:24:01 -08:00
hpet.c drivers/char: make hpet.c explicitly non-modular 2015-09-20 19:32:35 -07:00
Kconfig char: lack of bool string made CONFIG_DEVPORT always on 2017-04-21 09:30:06 +02:00
lp.c char: lp: fix possible integer overflow in lp_setup() 2017-05-25 14:30:07 +02:00
Makefile hwmon: Rename i8k driver to dell-smm-hwmon and move it to hwmon tree 2015-05-24 12:48:12 -07:00
mbcs.c
mbcs.h
mem.c x86/mm/pat, /dev/mem: Remove superfluous error message 2018-01-17 09:35:28 +01:00
misc.c char: make misc_deregister a void function 2015-08-05 10:35:49 -07:00
mmtimer.c
mspec.c
nsc_gpio.c
nvram.c char/nvram: Use bitwise OR to obtain Atari video mode data 2015-08-05 13:30:16 -07:00
nwbutton.c
nwbutton.h
nwflash.c
pc8736x_gpio.c
ppdev.c
ps3flash.c
random.c random: mix rdrand with entropy sent in from userspace 2018-08-06 16:24:40 +02:00
raw.c writeback: separate out include/linux/backing-dev-defs.h 2015-06-02 08:33:34 -06:00
rtc.c
scx200_gpio.c
snsc.c drivers/char: make SGI snsc.c driver explicitly non-modular 2015-09-20 19:32:35 -07:00
snsc.h
snsc_event.c
sonypi.c
tb0219.c
tile-srom.c fs: move struct kiocb to fs.h 2015-03-25 20:28:11 -04:00
tlclk.c
toshiba.c toshiba laptop: replace ioremap_cache with ioremap 2015-08-05 17:26:00 -07:00
ttyprintk.c
uv_mmtimer.c
virtio_console.c virtio_console: free buffers after reset 2018-05-02 07:53:40 -07:00