a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
46864b108b
android_kernel_samsung_univ.../drivers
History
Gustavo A. R. Silva 46864b108b atm: zatm: Fix potential Spectre v1 
commit 2be147f7459db5bbf292e0a6f135037b55e20b39 upstream.

pool can be indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/atm/zatm.c:1462 zatm_ioctl() warn: potential spectre issue
'zatm_dev->pool_info' (local cap)

Fix this by sanitizing pool before using it to index
zatm_dev->pool_info

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-16 10:06:52 +02:00
..
accessibility
acpi ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E 2018-04-24 09:32:06 +02:00
amba ARM: amba: Don't read past the end of sysfs "driver_override" buffer 2018-05-02 07:53:42 -07:00
android binder: add missing binder_unlock() 2018-02-28 10:17:23 +01:00
ata libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs 2018-05-16 10:06:51 +02:00
atm atm: zatm: Fix potential Spectre v1 2018-05-16 10:06:52 +02:00
auxdisplay
base regmap: Fix reversed bounds check in regmap_raw_write() 2018-04-24 09:32:06 +02:00
bcma
block block/loop: fix deadlock after loop_set_status 2018-04-24 09:32:03 +02:00
bluetooth Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 2018-03-28 18:40:13 +02:00
bus bus: brcmstb_gisb: correct support for 64-bit address output 2018-04-13 19:50:05 +02:00
cdrom cdrom: information leak in cdrom_ioctl_media_changed() 2018-04-29 07:50:07 +02:00
char virtio_console: free buffers after reset 2018-05-02 07:53:40 -07:00
clk clk: bcm2835: De-assert/assert PLL reset signal when appropriate 2018-04-24 09:32:08 +02:00
clocksource
connector
cpufreq Revert "cpufreq: Fix governor module removal race" 2018-04-08 11:52:02 +02:00
cpuidle cpuidle: dt: Add missing 'of_node_put()' 2018-04-13 19:50:21 +02:00
crypto crypto: s5p-sss - Fix kernel Oops in AES-ECB mode 2018-02-25 11:03:55 +01:00
dca
devfreq
dio
dma dmaengine: at_xdmac: fix rare residue corruption 2018-04-24 09:32:08 +02:00
dma-buf
edac EDAC, mv64x60: Fix an error handling path 2018-04-13 19:50:23 +02:00
eisa
extcon
firewire
firmware
fmc
fpga
gpio gpio: label descriptors using the device name 2018-04-13 19:50:14 +02:00
gpu drm/vmwgfx: Fix a buffer object leak 2018-05-16 10:06:48 +02:00
hid HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device 2018-04-24 09:32:10 +02:00
hsi HSI: ssi_protocol: double free in ssip_pn_xmit() 2018-03-24 10:58:42 +01:00
hv
hwmon hwmon: (ina2xx) Fix access to uninitialized mutex 2018-04-24 09:32:04 +02:00
hwspinlock
hwtracing coresight: Fix disabling of CoreSight TPIU 2018-03-24 10:58:48 +01:00
i2c i2c: i2c-scmi: add a MS HID 2018-03-24 10:58:41 +01:00
ide
idle idle: i7300: add PCI dependency 2018-02-25 11:03:51 +01:00
iio iio: magnetometer: st_magn_spi: fix spi_device_id table 2018-04-13 19:50:21 +02:00
infiniband IB/mlx5: Use unlimited rate when static rate is not supported 2018-05-16 10:06:48 +02:00
input Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro 2018-05-16 10:06:48 +02:00
iommu iommu/vt-d: Fix a potential memory leak 2018-04-24 09:32:08 +02:00
ipack
irqchip irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis 2018-03-22 09:23:31 +01:00
isdn mISDN: Fix a sleep-in-atomic bug 2018-04-13 19:50:16 +02:00
leds leds: pca955x: Correct I2C Functionality 2018-04-13 19:50:09 +02:00
lguest
lightnvm
macintosh
mailbox
mcb
md bcache: segregate flash only volume write streams 2018-04-13 19:50:22 +02:00
media media: v4l2-compat-ioctl32: don't oops on overlay 2018-04-24 09:32:03 +02:00
memory
memstick
message scsi: mptsas: Disable WRITE SAME 2018-04-29 07:50:06 +02:00
mfd mfd: palmas: Reset the POWERHOLD mux during power off 2018-03-24 10:58:44 +01:00
misc drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests 2018-04-13 19:50:02 +02:00
mmc mmc: jz4740: Fix race condition in IRQ mask update 2018-04-24 09:32:08 +02:00
mtd gpmi-nand: Handle ECC Errors in erased pages 2018-05-16 10:06:47 +02:00
net can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() 2018-05-16 10:06:51 +02:00
nfc NFC: nfcmrvl: double free on error path 2018-03-22 09:23:23 +01:00
ntb
nubus
nvdimm
nvme
nvmem
of of: fix of_device_get_modalias returned length when truncating buffers 2018-03-22 09:23:21 +01:00
oprofile
parisc
parport parport_pc: Add support for WCH CH382L PCI-E single parallel port card. 2018-04-08 11:52:00 +02:00
pci ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() 2018-04-24 09:32:06 +02:00
pcmcia
perf drivers/perf: arm_pmu: handle no platform_device 2018-03-22 09:23:26 +01:00
phy
pinctrl pinctrl: Really force states during suspend/resume 2018-03-24 10:58:48 +01:00
platform platform/chrome: Use proper protocol transfer function 2018-03-24 10:58:47 +01:00
pnp
power power: supply: pda_power: move from timer to delayed_work 2018-03-24 10:58:45 +01:00
powercap PowerCap: Fix an error code in powercap_register_zone() 2018-04-13 19:50:05 +02:00
pps
ps3
ptp time: Change posix clocks ops interfaces to use timespec64 2018-03-24 10:58:40 +01:00
pwm pwm: tegra: Increase precision in PWM rate calculation 2018-03-22 09:23:27 +01:00
rapidio
ras
regulator regulator: anatop: set default voltage selector for pcie 2018-03-24 10:58:40 +01:00
remoteproc
reset
rpmsg
rtc rtc: interface: Validate alarm-time before handling rollover 2018-04-13 19:50:15 +02:00
s390 s390/cio: update chpid descriptor after resource accessibility event 2018-04-29 07:50:07 +02:00
sbus
scsi scsi: sd: Defer spinning up drive while SANITIZE is in progress 2018-05-02 07:53:42 -07:00
sfi
sh
sn
soc
spi spi: davinci: fix up dma_mapping_error() incorrect patch 2018-04-08 11:52:02 +02:00
spmi
ssb
staging staging: ion : Donnot wakeup kswapd in ion system alloc 2018-04-29 07:50:01 +02:00
target tcm_fileio: Prevent information leak for short reads 2018-03-24 10:58:45 +01:00
tc
thermal thermal: imx: Fix race condition in imx_thermal_probe() 2018-04-24 09:32:08 +02:00
thunderbolt thunderbolt: Resume control channel after hibernation image is created 2018-04-24 09:32:07 +02:00
tty serial: mctrl_gpio: Add missing module license 2018-05-02 07:53:43 -07:00
uio
usb usb: musb: host: fix potential NULL pointer dereference 2018-05-16 10:06:49 +02:00
uwb
vfio vfio/pci: Virtualize Maximum Read Request Size 2018-04-24 09:32:09 +02:00
vhost vhost: correctly remove wait queue during poll failure 2018-04-13 19:50:25 +02:00
video vfb: fix video mode and line_length being set when loaded 2018-04-13 19:50:13 +02:00
virt
virtio
vlynq
vme
w1
watchdog watchdog: f71808e_wdt: Fix WD_EN register read 2018-04-24 09:32:08 +02:00
xen xen/gntdev: Fix partial gntdev_mmap() cleanup 2018-03-03 10:19:45 +01:00
zorro
Kconfig
Makefile