shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-01 18:53:02 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
4be809db216f72010396bf01a7cd7b7ee835dfd1
linux/drivers
History
Gustavo A. R. Silva 4be809db21 char/mwave: fix potential Spectre v1 vulnerability 
commit 701956d401 upstream.

ipcnum is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/char/mwave/mwavedd.c:299 mwave_ioctl() warn: potential spectre issue 'pDrvData->IPCs' [w] (local cap)

Fix this by sanitizing ipcnum before using it to index pDrvData->IPCs.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-31 08:13:43 +01:00
..
accessibility
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
acpi
ACPI / PMIC: xpower: Fix TS-pin current-source handling
2019-01-16 22:07:12 +01:00
amba
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
2018-05-01 12:58:21 -07:00
android
binder: fix race that allows malicious free of live buffer
2018-12-05 19:41:26 +01:00
ata
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
2018-12-21 14:13:15 +01:00
atm
atm: zatm: Fix potential Spectre v1
2018-07-22 14:28:43 +02:00
auxdisplay
auxdisplay: fix broken menu
2018-07-03 11:24:56 +02:00
base
sysfs: Disable lockdep for driver bind/unbind files
2019-01-26 09:37:06 +01:00
bcma
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
block
nbd: Use set_blocksize() to set device blocksize
2019-01-23 08:09:51 +01:00
bluetooth
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
2018-11-13 11:14:54 -08:00
bus
bus: arm-cci: remove unnecessary unreachable()
2018-12-01 09:42:49 +01:00
cdrom
cdrom: fix improper type cast, which can leat to information leak.
2018-11-21 09:24:04 +01:00
char
char/mwave: fix potential Spectre v1 vulnerability
2019-01-31 08:13:43 +01:00
clk
clk: imx6q: reset exclusive gates on init
2019-01-26 09:37:03 +01:00
clocksource
clocksource/drivers/integrator-ap: Add missing of_node_put()
2019-01-26 09:37:05 +01:00
connector
cpufreq
cpufreq: imx6q: add return value check for voltage scale
2018-12-01 09:42:53 +01:00
cpuidle
powerpc/pseries/cpuidle: Fix preempt warning
2019-01-26 09:37:02 +01:00
crypto
crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
2019-01-23 08:09:48 +01:00
dax
dev-dax: check_vma: ratelimit dev_info-s
2018-08-24 13:09:08 +02:00
dca
devfreq
PM / devfreq: Fix potential NULL pointer dereference in governor_store
2018-04-12 12:32:13 +02:00
dio
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dma
dmaengine: cppi41: delete channel from pending list when stop channel
2018-12-13 09:18:52 +01:00
dma-buf
dma-buf: remove redundant initialization of sg_table
2018-06-05 11:41:57 +02:00
edac
EDAC, skx_edac: Fix logical channel intermediate decoding
2018-11-13 11:15:06 -08:00
eisa
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
extcon
extcon: Release locking when sending the notification of connector state
2018-09-09 19:55:56 +02:00
firewire
firewire-ohci: work around oversized DMA reads on JMicron controllers
2018-04-26 11:02:03 +02:00
firmware
efi/arm: Revert deferred unmap of early memmap mapping
2018-12-01 09:42:54 +01:00
fmc
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fpga
fpga-manager: altera-ps-spi: preserve nCONFIG state
2018-05-01 12:58:24 -07:00
fsi
drivers/fsi/scom: Remove reset before every putscom
2017-08-28 17:15:16 +02:00
gpio
gpio: pl061: Move irq_chip definition inside struct pl061
2019-01-26 09:37:01 +01:00
gpu
drm/i915/gvt: Fix mmap range check
2019-01-26 09:37:07 +01:00
hid
HID: ite: Add USB id match for another ITE based keyboard rfkill key quirk
2019-01-13 10:00:56 +01:00
hsi
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hv
x86, hyperv: remove PCI dependency
2019-01-13 10:00:59 +01:00
hwmon
hwmon: (w83795) temp4_type has writable permission
2018-12-17 09:28:49 +01:00
hwspinlock
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hwtracing
intel_th: msu: Fix an off-by-one in attribute store
2019-01-13 10:01:07 +01:00
i2c
i2c: dev: prevent adapter retries and timeout being set as minus value
2019-01-16 22:07:12 +01:00
ide
ide: pmac: add of_node_put()
2018-12-21 14:13:14 +01:00
idle
intel_idle: Graceful probe failure when MWAIT is disabled
2018-08-09 12:16:39 +02:00
iio
iio/hid-sensors: Fix IIO_CHAN_INFO_RAW returning wrong values for signed numbers
2018-12-17 09:28:49 +01:00
infiniband
IB/usnic: Fix potential deadlock
2019-01-26 09:37:06 +01:00
input
Input: synaptics - enable SMBus for HP EliteBook 840 G4
2019-01-13 10:01:01 +01:00
iommu
iommu/vt-d: Handle domain agaw being less than iommu agaw
2019-01-13 10:01:06 +01:00
ipack
irqchip
irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
2018-09-15 09:45:29 +02:00
isdn
isdn: fix kernel-infoleak in capi_unlocked_ioctl
2019-01-09 17:14:43 +01:00
leds
leds: pm8058: Silence pointer to integer size warning
2018-03-19 08:42:50 +01:00
lightnvm
lightnvm: pblk: fix two sleep-in-atomic-context bugs
2018-11-13 11:14:52 -08:00
macintosh
macintosh/via-pmu: Add missing mmio accessors
2018-09-19 22:43:41 +02:00
mailbox
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
2018-09-09 19:55:54 +02:00
mcb
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
md
dm snapshot: Fix excessive memory usage and workqueue stalls
2019-01-26 09:37:05 +01:00
media
media: venus: core: Set dma maximum segment size
2019-01-26 09:37:03 +01:00
memory
memory: tegra: Apply interrupts mask per SoC
2018-08-03 07:50:38 +02:00
memstick
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
message
scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
2018-05-25 16:17:47 +02:00
mfd
mfd: tps6586x: Handle interrupts on suspend
2019-01-23 08:09:49 +01:00
misc
mei: me: add denverton innovation engine device IDs
2019-01-31 08:13:42 +01:00
mmc
mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS
2019-01-31 08:13:42 +01:00
mtd
mtd: atmel-quadspi: disallow building on ebsa110
2019-01-09 17:14:47 +01:00
mux
mux: core: fix double get_device()
2018-01-17 09:45:27 +01:00
net
net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling
2019-01-31 08:13:41 +01:00
nfc
NFC: nfcmrvl_uart: fix OF child-node lookup
2018-12-01 09:42:54 +01:00
ntb
ntb_transport: Fix bug with max_mw_size parameter
2018-04-26 11:02:13 +02:00
nubus
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nvdimm
libnvdimm, pfn: Pad pfn namespaces relative to other regions
2018-12-13 09:18:54 +01:00
nvme
nvmet-rdma: fix response use after free
2018-12-21 14:13:18 +01:00
nvmem
nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us
2018-08-24 13:09:14 +02:00
of
OF: properties: add missing of_node_put
2019-01-23 08:09:49 +01:00
oprofile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
parisc
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
2018-05-30 07:52:28 +02:00
parport
parport: sunbpp: fix error return code
2018-09-26 08:38:12 +02:00
pci
PCI: dwc: Move interrupt acking into the proper callback
2019-01-26 09:37:07 +01:00
pcmcia
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
2018-11-13 11:14:46 -08:00
perf
arm64: perf: Reject stand-alone CHAIN events for PMUv3
2018-10-18 09:16:24 +02:00
phy
phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals
2018-08-15 18:12:48 +02:00
pinctrl
pinctrl: meson: fix pull enable register calculation
2019-01-13 10:00:56 +01:00
platform
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
2019-01-26 09:37:01 +01:00
pnp
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
power
power: supply: olpc_battery: correct the temperature units
2019-01-13 10:01:07 +01:00
powercap
pps
drivers/pps: use surrounding "if PPS" to remove numerous dependency checks
2017-09-08 18:26:51 -07:00
ps3
ptp
ptp: fix Spectre v1 vulnerability
2018-11-10 07:48:34 -08:00
pwm
pwm: meson: Fix mux clock names
2018-09-15 09:45:27 +02:00
rapidio
drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()'
2017-12-14 09:53:08 +01:00
ras
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
regulator
regulator: fix crash caused by null driver data
2018-10-03 17:00:55 -07:00
remoteproc
remoteproc: qcom: Fix potential device node leaks
2018-06-21 04:02:48 +09:00
reset
reset: make device_reset_optional() really optional
2018-12-08 13:03:40 +01:00
rpmsg
rpmsg: smd: fix memory leak on channel create
2018-11-13 11:15:12 -08:00
rtc
rtc: m41t80: Correct alarm month range with RTC reads
2019-01-09 17:14:52 +01:00
s390
s390/smp: fix CPU hotplug deadlock with CPU rescan
2019-01-31 08:13:43 +01:00
sbus
drivers/sbus/char: add of_node_put()
2018-12-21 14:13:13 +01:00
scsi
scsi: megaraid: fix out-of-bound array accesses
2019-01-26 09:37:06 +01:00
sfi
sh
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sn
soc
soc: ti: QMSS: Fix usage of irq_set_affinity_hint
2018-11-21 09:24:09 +01:00
spi
spi: bcm2835: Unbreak the build of esoteric configs
2019-01-09 17:14:53 +01:00
spmi
spmi: pmic-arb: Move the ownership check to irq_chip callback
2017-08-28 13:52:22 +02:00
ssb
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
staging
staging: wilc1000: fix missing read_write setting when reading data
2019-01-09 17:14:48 +01:00
target
scsi: target: use consistent left-aligned ASCII INQUIRY data
2019-01-26 09:37:03 +01:00
tc
TC: Set DMA masks for devices
2018-11-13 11:15:11 -08:00
tee
tee: check shm references are consistent in offset/size
2018-06-21 04:02:54 +09:00
thermal
thermal/drivers/hisi: Remove costly sensor inspection
2018-12-08 13:03:40 +01:00
thunderbolt
thunderbolt: Prevent crash when ICM firmware is not running
2018-04-24 09:36:29 +02:00
tty
tty/serial: do not free trasnmit buffer page under port lock
2019-01-26 09:37:04 +01:00
uio
uio: Fix an Oops on load
2018-11-27 16:10:51 +01:00
usb
USB: serial: pl2303: add new PID to support PL2303TB
2019-01-31 08:13:42 +01:00
uwb
uwb: hwa-rc: fix memory leak at probe
2018-10-03 17:00:46 -07:00
vfio
vfio/type1: Fix task tracking for QEMU vCPU hotplug
2018-08-03 07:50:23 +02:00
vhost
vhost: log dirty page correctly
2019-01-31 08:13:41 +01:00
video
omap2fb: Fix stack memory disclosure
2019-01-23 08:09:49 +01:00
virt
virt: Convert to using %pOF instead of full_name
2017-08-29 08:52:51 -05:00
virtio
virtio_balloon: fix increment of vb->num_pfns in fill_balloon()
2018-10-13 09:27:30 +02:00
vlynq
vme
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
w1
w1: omap-hdq: fix missing bus unregister at removal
2018-11-13 11:15:09 -08:00
watchdog
watchdog: da9063: Fix updating timeout value
2018-08-03 07:50:24 +02:00
xen
Revert "xen/balloon: Mark unallocated host memory as UNUSABLE"
2018-12-17 09:28:53 +01:00
zorro
zorro: Set up z->dev.dma_mask for the DMA API
2018-05-30 07:52:30 +02:00
Kconfig
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
Makefile
usb: build drivers/usb/common/ when USB_SUPPORT is set
2018-02-25 11:07:53 +01:00