remarkable-linux/drivers/tty/vt
Gustavo A. R. Silva 4334a6ae86 tty: vt_ioctl: fix potential Spectre v1
commit e97267cb4d upstream.

vsa.console is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/tty/vt/vt_ioctl.c:711 vt_ioctl() warn: potential spectre issue
'vc_cons' [r]

Fix this by sanitizing vsa.console before using it to index vc_cons.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-29 03:06:06 -07:00
.gitignore
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
consolemap.c vt: use memdup_user in PIO_UNIMAP ioctl 2017-06-09 11:07:36 +02:00
cp437.uni
defkeymap.c_shipped
defkeymap.map
keyboard.c tty/vt/keyboard: Remove AVR32 bits from the driver 2017-05-18 16:34:55 +02:00
selection.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vc_screen.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vt.c vt: prevent leaking uninitialized data to userspace via /dev/vcs* 2018-07-08 15:30:47 +02:00
vt_ioctl.c tty: vt_ioctl: fix potential Spectre v1 2018-09-29 03:06:06 -07:00