mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
aa58acf325b4aadeecae2bfc90658273b47dbace
linux/drivers
History
Jinbum Park 3a2af7cccb mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom 
User controls @idx which to be used as index of hwsim_world_regdom_custom.
So, It can be exploited via Spectre-like attack. (speculative execution)

This kind of attack leaks address of hwsim_world_regdom_custom,
It leads an attacker to bypass security mechanism such as KASLR.

So sanitize @idx before using it to prevent attack.

I leveraged strategy [1] to find and exploit this gadget.

[1] https://github.com/jinb-park/linux-exploit/tree/master/exploit-remaining-spectre-gadget/

Signed-off-by: Jinbum Park <jinb.park7@gmail.com>
[johannes: unwrap URL]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-08-28 11:14:56 +02:00
..
accessibility
acpi
Merge branch 'acpi-soc'
2018-07-31 10:35:47 +02:00
amba
Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
2018-06-06 13:49:25 -07:00
android
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
ata
ata: Remove depends on HAS_DMA in case of platform dependency
2018-07-02 13:18:22 -07:00
atm
atm: zatm: Fix potential Spectre v1
2018-06-30 21:24:18 +09:00
auxdisplay
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
base
Merge tag 'driver-core-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2018-07-26 09:25:03 -07:00
bcma
Merge tag 'dma-mapping-4.18' of git://git.infradead.org/users/hch/dma-mapping
2018-06-04 10:58:12 -07:00
block
zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature
2018-08-10 20:19:59 -07:00
bluetooth
bluetooth: hci_nokia: Don't include linux/unaligned/le_struct.h directly.
2018-06-17 08:38:55 +09:00
bus
bus: ti-sysc: Use 2-factor allocator arguments
2018-07-02 04:24:44 -07:00
cdrom
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
char
Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
2018-07-28 19:40:06 -07:00
clk
clk: aspeed: Support HPLL strapping on ast2400
2018-07-11 09:34:25 -07:00
clocksource
clocksource: arm_arch_timer: Set arch_mem_timer cpumask to cpu_possible_mask
2018-07-10 22:12:47 +02:00
connector
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-06-06 18:39:49 -07:00
cpufreq
cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms
2018-07-31 10:39:58 +02:00
cpuidle
Merge tag 'powerpc-4.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2018-06-07 10:23:33 -07:00
crypto
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-08-03 10:09:45 -07:00
dax
Merge tag 'libnvdimm-fixes-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2018-07-13 10:54:01 -07:00
dca
devfreq
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
dio
dma
dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
2018-06-28 11:57:21 +05:30
dma-buf
edac
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
eisa
extcon
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
firewire
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
firmware
efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed mode
2018-06-22 10:58:27 +02:00
fmc
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
fpga
fpga: altera-cvp: Fix an error handling path in 'altera_cvp_probe()'
2018-07-07 16:55:22 +02:00
fsi
gpio
gpiolib-acpi: make sure we trigger edge events at least once on boot
2018-08-01 11:45:10 +02:00
gpu
Merge tag 'drm-misc-fixes-2018-07-27' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
2018-08-01 08:54:35 +10:00
hid
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
2018-07-09 17:16:11 -07:00
hsi
hv
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
hwmon
hwmon: (nct6775) Fix loop limit
2018-06-16 16:40:36 -07:00
hwspinlock
Merge tag 'hwlock-v4.18' of git://github.com/andersson/remoteproc
2018-06-11 12:09:19 -07:00
hwtracing
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
i2c
i2c: xlp9xx: Fix case where SSIF read transaction completes early
2018-08-09 17:41:13 +02:00
ide
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
idle
iio
iio: imu: inv_mpu6050: Fix probe() failure on older ACPI based machines
2018-06-24 14:50:52 +01:00
infiniband
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
2018-08-03 10:49:47 -07:00
input
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
2018-07-27 09:53:45 -07:00
iommu
Revert "iommu/vt-d: Clean up pasid quirk for pre-production devices"
2018-07-20 13:55:56 +02:00
ipack
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
irqchip
irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug
2018-06-22 14:22:02 +02:00
isdn
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
leds
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
lightnvm
Merge tag 'for-linus-20180623' of git://git.kernel.dk/linux-block
2018-06-24 06:33:54 +08:00
macintosh
Merge tag 'powerpc-4.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2018-06-07 10:23:33 -07:00
mailbox
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
mcb
md
Merge tag 'for-4.18/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
2018-07-20 14:24:17 -07:00
media
Merge tag 'media/v4.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
2018-08-02 16:55:42 -07:00
memory
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-06-12 18:28:00 -07:00
memstick
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
message
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
mfd
Merge branch 'i2c/for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2018-06-14 16:21:46 +09:00
misc
Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-07-22 12:04:51 -07:00
mmc
mmc: mxcmmc: Fix missing parentheses and brace
2018-07-16 11:45:44 +02:00
mtd
mtd: spi-nor: cadence-quadspi: Fix direct mode write timeouts
2018-07-03 10:01:44 +02:00
mux
net
mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
2018-08-28 11:14:56 +02:00
nfc
NFC: pn533: Fix wrong GFP flag usage
2018-06-25 21:36:45 +08:00
ntb
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-06-12 18:28:00 -07:00
nubus
Merge tag 'char-misc-4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2018-06-05 16:20:22 -07:00
nvdimm
Merge tag 'libnvdimm-fixes-4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2018-07-13 10:54:01 -07:00
nvme
Merge tag 'for-linus-20180727' of git://git.kernel.dk/linux-block
2018-07-27 12:51:00 -07:00
nvmem
nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us
2018-07-07 17:30:25 +02:00
of
of: overlay: update phandle cache on overlay apply and remove
2018-07-16 08:41:32 -06:00
opp
PM / OPP: Update voltage in case freq == old_freq
2018-06-19 15:53:32 +05:30
oprofile
treewide: Use array_size() in vmalloc()
2018-06-12 16:19:22 -07:00
parisc
Merge tag 'dma-mapping-4.18' of git://git.infradead.org/users/hch/dma-mapping
2018-06-04 10:58:12 -07:00
parport
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
pci
Merge tag 'pci-v4.18-fixes-5' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
2018-08-02 10:59:19 -07:00
pcmcia
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
perf
drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error
2018-06-18 17:48:42 +01:00
phy
phy: mapphone-mdm6600: Fix wrong enum used for status lines
2018-06-29 12:00:22 +05:30
pinctrl
pinctrl: nsp: Fix potential NULL dereference
2018-07-14 12:47:04 +02:00
platform
platform/x86: dell-laptop: Fix backlight detection
2018-07-20 15:29:59 +03:00
pnp
Merge tag 'media/v4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
2018-06-07 12:34:37 -07:00
power
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
powercap
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
pps
ps3
ptp
ptp: fix missing break in switch
2018-07-18 15:25:25 -07:00
pwm
Merge tag 'pwm/for-4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
2018-06-14 16:25:43 +09:00
rapidio
treewide: Use array_size() in vmalloc()
2018-06-12 16:19:22 -07:00
ras
regulator
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
remoteproc
treewide: use PHYS_ADDR_MAX to avoid type casting ULLONG_MAX
2018-06-15 07:55:25 +09:00
reset
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-06-12 18:28:00 -07:00
rpmsg
rpmsg: smd: do not use mananged resources for endpoints and channels
2018-06-04 12:35:03 -07:00
rtc
rtc: fix alarm read and set offset
2018-07-13 10:37:54 +02:00
s390
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
2018-07-06 09:14:34 -07:00
sbus
fix a series of Documentation/ broken file name references
2018-06-15 18:10:01 -03:00
scsi
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2018-07-31 09:46:36 -07:00
sfi
sh
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
siox
slimbus
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
sn
soc
Merge tag 'imx-fixes-4.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes
2018-07-19 15:09:59 -07:00
soundwire
docs: Fix more broken references
2018-06-15 18:11:26 -03:00
spi
treewide: devm_kzalloc() -> devm_kcalloc()
2018-06-12 16:19:22 -07:00
spmi
ssb
staging
staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem pages
2018-08-01 10:08:57 -07:00
target
scsi: target: iscsi: cxgbit: fix max iso npdu calculation
2018-07-12 23:04:06 -04:00
tc
tee
thermal
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-06-12 18:28:00 -07:00
thunderbolt
thunderbolt: Notify userspace when boot_acl is changed
2018-07-07 17:29:17 +02:00
tty
vt: prevent leaking uninitialized data to userspace via /dev/vcs*
2018-06-28 21:34:39 +09:00
uio
uio: fix crash after the device is unregistered
2018-07-07 16:57:35 +02:00
usb
usb: core: handle hub C_PORT_OVER_CURRENT condition
2018-07-21 08:38:29 +02:00
uwb
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
vfio
Merge tag 'powerpc-4.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2018-07-21 16:46:53 -07:00
vhost
vhost: reset metadata cache when initializing new IOTLB
2018-08-08 09:44:39 -07:00
video
Merge tag 'docs-broken-links' of git://linuxtv.org/mchehab/experimental
2018-06-17 05:25:18 +09:00
virt
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
virtio
virtio_balloon: fix another race between migration and ballooning
2018-07-30 16:45:33 +03:00
visorbus
vlynq
vme
w1
Merge tag 'char-misc-4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
2018-06-05 16:20:22 -07:00
watchdog
Merge tag 'mips_4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
2018-06-12 12:56:02 -07:00
xen
Merge tag 'for-linus-4.18-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
2018-06-23 20:44:11 +08:00
zorro
Merge tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-06-06 17:27:14 -07:00
Kconfig
Makefile