a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
581c294184
android_kernel_samsung_univ.../net
History
Jeremy Cline 8cac0ce0a8 netlink: Fix spectre v1 gadget in netlink_create() 
[ Upstream commit bc5b6c0b62b932626a135f516a41838c510c6eba ]

'protocol' is a user-controlled value, so sanitize it after the bounds
check to avoid using it for speculative out-of-bounds access to arrays
indexed by it.

This addresses the following accesses detected with the help of smatch:

* net/netlink/af_netlink.c:654 __netlink_create() warn: potential
  spectre issue 'nlk_cb_mutex_keys' [w]

* net/netlink/af_netlink.c:654 __netlink_create() warn: potential
  spectre issue 'nlk_cb_mutex_key_strings' [w]

* net/netlink/af_netlink.c:685 netlink_create() warn: potential spectre
  issue 'nl_table' [w] (local cap)

Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-08-06 16:24:41 +02:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth Bluetooth: Fix connection if directed advertising and privacy is used 2018-07-03 11:21:35 +02:00
bridge netfilter: ebtables: reject non-bridge targets 2018-07-22 14:25:54 +02:00
caif
can
ceph
core rtnetlink: add rtnl_link_state check in rtnl_configure_link 2018-07-28 07:45:02 +02:00
dcb
dccp net: dccp: switch rx_tstamp_last_feedback to monotonic clock 2018-07-22 14:25:52 +02:00
decnet
dns_resolver KEYS: DNS: fix parsing multiple options 2018-07-22 14:25:54 +02:00
dsa net: dsa: Do not suspend/resume closed slave_dev 2018-08-06 16:24:41 +02:00
ethernet
hsr
ieee802154
ipv4 inet: frag: enforce memory limits earlier 2018-08-06 16:24:41 +02:00
ipv6 ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull 2018-07-28 07:45:03 +02:00
ipx
irda
iucv
key af_key: Always verify length of provided sadb_key 2018-06-16 09:54:25 +02:00
l2tp
l3mdev
lapb
llc
mac80211
mac802154
mpls
netfilter netfilter: nf_queue: augment nfqa_cfg_policy 2018-07-17 11:31:46 +02:00
netlabel
netlink netlink: Fix spectre v1 gadget in netlink_create() 2018-08-06 16:24:41 +02:00
netrom
nfc net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL. 2018-07-22 14:25:54 +02:00
openvswitch
packet
phonet
rds rds: avoid unenecessary cong_update in loop transport 2018-07-22 14:25:54 +02:00
rfkill
rose
rxrpc
sched net_sched: blackhole: tell upper qdisc about dropped packets 2018-07-22 14:25:53 +02:00
sctp
sunrpc
switchdev
tipc
unix
vmw_vsock
wimax
wireless
x25
xfrm xfrm: skip policies marked as dead while rehashing 2018-07-03 11:21:32 +02:00
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c