shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-02 03:03:00 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
f0e3b74a4dc0ce27abccdfdcd41eae73cee4b9ac
linux/drivers
History
Gustavo A. R. Silva f0e3b74a4d IB/ucm: Fix Spectre v1 vulnerability 
commit 0295e39595 upstream.

hdr.cmd can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/infiniband/core/ucm.c:1127 ib_ucm_write() warn: potential
spectre issue 'ucm_cmd_table' [r] (local cap)

Fix this by sanitizing hdr.cmd before using it to index
ucm_cmd_table.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-10 07:48:35 -08:00
..
accessibility
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
acpi
ACPI / scan: Initialize status to ACPI_STA_DEFAULT
2018-09-15 09:45:30 +02:00
amba
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
2018-05-01 12:58:21 -07:00
android
android: binder: fix the race mmap and alloc_new_buf_locked
2018-09-19 22:43:35 +02:00
ata
ata: ftide010: Add a quirk for SQ201
2018-10-03 17:00:59 -07:00
atm
atm: zatm: Fix potential Spectre v1
2018-07-22 14:28:43 +02:00
auxdisplay
auxdisplay: fix broken menu
2018-07-03 11:24:56 +02:00
base
PM / core: Clear the direct_complete flag on errors
2018-10-13 09:27:25 +02:00
bcma
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
block
floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
2018-10-03 17:00:54 -07:00
bluetooth
Bluetooth: hci_ldisc: Free rw_semaphore on close
2018-10-18 09:16:21 +02:00
bus
drivers/perf: arm-ccn: don't log to dmesg in event_init
2018-08-03 07:50:31 +02:00
cdrom
cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
2018-09-05 09:26:42 +02:00
char
tpm: tpm_crb: relinquish locality on error path.
2018-11-04 14:52:44 +01:00
clk
clk: x86: Stop marking clocks as CLK_IS_CRITICAL
2018-10-18 09:16:22 +02:00
clocksource
clocksource/drivers/fttmr010: Fix set_next_event handler
2018-10-20 09:48:52 +02:00
connector
cpufreq
cpufreq: governor: Avoid accessing invalid governor_data
2018-09-09 19:55:58 +02:00
cpuidle
cpuidle: powernv: Fix promotion from snooze if next state disabled
2018-07-03 11:24:51 +02:00
crypto
crypto: chelsio - Fix memory corruption in DMA Mapped buffers.
2018-10-13 09:27:28 +02:00
dax
dev-dax: check_vma: ratelimit dev_info-s
2018-08-24 13:09:08 +02:00
dca
devfreq
PM / devfreq: Fix potential NULL pointer dereference in governor_store
2018-04-12 12:32:13 +02:00
dio
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dma
dmaengine: mv_xor_v2: kill the tasklets upon exit
2018-09-26 08:38:05 +02:00
dma-buf
dma-buf: remove redundant initialization of sg_table
2018-06-05 11:41:57 +02:00
edac
EDAC: Fix memleak in module init error path
2018-10-03 17:00:53 -07:00
eisa
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
extcon
extcon: Release locking when sending the notification of connector state
2018-09-09 19:55:56 +02:00
firewire
firewire-ohci: work around oversized DMA reads on JMicron controllers
2018-04-26 11:02:03 +02:00
firmware
efi/esrt: Only call efi_mem_reserve() for boot services memory
2018-09-26 08:38:10 +02:00
fmc
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fpga
fpga-manager: altera-ps-spi: preserve nCONFIG state
2018-05-01 12:58:24 -07:00
fsi
drivers/fsi/scom: Remove reset before every putscom
2017-08-28 17:15:16 +02:00
gpio
gpio: mxs: Get rid of external API call
2018-11-10 07:48:34 -08:00
gpu
drm: fb-helper: Reject all pixel format changing requests
2018-11-10 07:48:35 -08:00
hid
HID: quirks: fix support for Apple Magic Keyboards
2018-10-20 09:48:53 +02:00
hsi
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hv
Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect()
2018-10-10 08:54:28 +02:00
hwmon
hwmon: (adt7475) Make adt7475_read_word() return errors
2018-10-03 17:00:58 -07:00
hwspinlock
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hwtracing
intel_th: pci: Add Ice Lake PCH support
2018-10-20 09:48:50 +02:00
i2c
i2c: rcar: handle RXDMA HW behaviour on Gen3
2018-10-20 09:48:54 +02:00
ide
cdrom: do not call check_disk_change() inside cdrom_open()
2018-05-30 07:52:34 +02:00
idle
intel_idle: Graceful probe failure when MWAIT is disabled
2018-08-09 12:16:39 +02:00
iio
Revert "iio: temperature: maxim_thermocouple: add MAX31856 part"
2018-10-10 08:54:24 +02:00
infiniband
IB/ucm: Fix Spectre v1 vulnerability
2018-11-10 07:48:35 -08:00
input
Input: atakbd - fix Atari CapsLock behaviour
2018-10-20 09:48:50 +02:00
iommu
iommu/amd: Return devid as alias for ACPI HID devices
2018-10-20 09:48:52 +02:00
ipack
irqchip
irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
2018-09-15 09:45:29 +02:00
isdn
isdn: Disable IIOCDBGVAR
2018-08-22 07:46:11 +02:00
leds
leds: pm8058: Silence pointer to integer size warning
2018-03-19 08:42:50 +01:00
lightnvm
lightnvm: pblk: free padded entries in write buffer
2018-09-15 09:45:35 +02:00
macintosh
macintosh/via-pmu: Add missing mmio accessors
2018-09-19 22:43:41 +02:00
mailbox
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
2018-09-09 19:55:54 +02:00
mcb
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
md
dm integrity: fail early if required HMAC key is not available
2018-11-04 14:52:42 +01:00
media
media: uvcvideo: Fix driver reference counting
2018-11-04 14:52:47 +01:00
memory
memory: tegra: Apply interrupts mask per SoC
2018-08-03 07:50:38 +02:00
memstick
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
message
scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
2018-05-25 16:17:47 +02:00
mfd
mfd: omap-usb-host: Fix dts probe of children
2018-10-18 09:16:21 +02:00
misc
eeprom: at24: Add support for address-width property
2018-11-10 07:48:33 -08:00
mmc
mmc: dw_mmc-rockchip: correct property names in debug
2018-11-04 14:52:44 +01:00
mtd
mtd: spi-nor: Add support for is25wp series chips
2018-11-04 14:52:47 +01:00
mux
mux: core: fix double get_device()
2018-01-17 09:45:27 +01:00
net
net: bcmgenet: Poll internal PHY for GENETv5
2018-11-04 14:52:50 +01:00
nfc
NFC: pn533: Fix wrong GFP flag usage
2018-08-24 13:09:06 +02:00
ntb
ntb_transport: Fix bug with max_mw_size parameter
2018-04-26 11:02:13 +02:00
nubus
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nvdimm
libnvdimm: fix ars_status output length calculation
2018-09-09 19:56:01 +02:00
nvme
nvme_fc: fix ctrl create failures racing with workq items
2018-10-13 09:27:28 +02:00
nvmem
nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us
2018-08-24 13:09:14 +02:00
of
of: unittest: Disable interrupt node tests for old world MAC systems
2018-10-13 09:27:27 +02:00
oprofile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
parisc
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
2018-05-30 07:52:28 +02:00
parport
parport: sunbpp: fix error return code
2018-09-26 08:38:12 +02:00
pci
PCI: dwc: Fix scheduling while atomic issues
2018-10-20 09:48:51 +02:00
pcmcia
PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle
2018-05-30 07:52:39 +02:00
perf
arm64: perf: Reject stand-alone CHAIN events for PMUv3
2018-10-18 09:16:24 +02:00
phy
phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals
2018-08-15 18:12:48 +02:00
pinctrl
pinctrl: mcp23s08: fix irq and irqchip setup order
2018-10-18 09:16:24 +02:00
platform
platform/x86: alienware-wmi: Correct a memory leak
2018-09-29 03:06:03 -07:00
pnp
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
power
power: remove possible deadlock when unregistering power_supply
2018-10-03 17:00:47 -07:00
powercap
pps
drivers/pps: use surrounding "if PPS" to remove numerous dependency checks
2017-09-08 18:26:51 -07:00
ps3
ptp
ptp: fix Spectre v1 vulnerability
2018-11-10 07:48:34 -08:00
pwm
pwm: meson: Fix mux clock names
2018-09-15 09:45:27 +02:00
rapidio
drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()'
2017-12-14 09:53:08 +01:00
ras
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
regulator
regulator: fix crash caused by null driver data
2018-10-03 17:00:55 -07:00
remoteproc
remoteproc: qcom: Fix potential device node leaks
2018-06-21 04:02:48 +09:00
reset
reset: imx7: Fix always writing bits as 0
2018-09-26 08:38:03 +02:00
rpmsg
Revert "rpmsg: core: add support to power domains for devices"
2018-09-29 03:06:04 -07:00
rtc
rtc: bq4802: add error handling for devm_ioremap
2018-09-26 08:38:13 +02:00
s390
s390/qeth: fix error handling in adapter command callbacks
2018-11-04 14:52:42 +01:00
sbus
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
scsi
scsi: sd: Remember that READ CAPACITY(16) succeeded
2018-11-04 14:52:45 +01:00
sfi
sh
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sn
soc
soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift()
2018-11-04 14:52:38 +01:00
spi
spi: rspi: Fix interrupted DMA transfers
2018-10-03 17:00:55 -07:00
spmi
spmi: pmic-arb: Move the ownership check to irq_chip callback
2017-08-28 13:52:22 +02:00
ssb
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
staging
staging: ccree: check DMA pool buf !NULL before free
2018-10-20 09:48:53 +02:00
target
scsi: iscsi: target: Don't use stack buffer for scatterlist
2018-10-18 09:16:21 +02:00
tc
tee
tee: check shm references are consistent in offset/size
2018-06-21 04:02:54 +09:00
thermal
thermal: of-thermal: disable passive polling when thermal zone is disabled
2018-10-03 17:00:57 -07:00
thunderbolt
thunderbolt: Prevent crash when ICM firmware is not running
2018-04-24 09:36:29 +02:00
tty
tty: Drop tty->count on tty_reopen() failure
2018-10-13 09:27:26 +02:00
uio
uio: potential double frees if __uio_register_device() fails
2018-09-19 22:43:40 +02:00
usb
USB: serial: option: add two-endpoints device-id flag
2018-11-10 07:48:34 -08:00
uwb
uwb: hwa-rc: fix memory leak at probe
2018-10-03 17:00:46 -07:00
vfio
vfio/type1: Fix task tracking for QEMU vCPU hotplug
2018-08-03 07:50:23 +02:00
vhost
vhost: Fix Spectre V1 vulnerability
2018-11-04 14:52:49 +01:00
video
pxa168fb: prepare the clock
2018-11-04 14:52:39 +01:00
virt
virt: Convert to using %pOF instead of full_name
2017-08-29 08:52:51 -05:00
virtio
virtio_balloon: fix increment of vb->num_pfns in fill_balloon()
2018-10-13 09:27:30 +02:00
vlynq
vme
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
w1
1wire: family module autoload fails because of upper/lower case mismatch.
2018-07-03 11:24:47 +02:00
watchdog
watchdog: da9063: Fix updating timeout value
2018-08-03 07:50:24 +02:00
xen
xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
2018-10-10 08:54:26 +02:00
zorro
zorro: Set up z->dev.dma_mask for the DMA API
2018-05-30 07:52:30 +02:00
Kconfig
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
Makefile
usb: build drivers/usb/common/ when USB_SUPPORT is set
2018-02-25 11:07:53 +01:00