public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-05-24 10:39:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/gpu/drm
History
Gustavo A. R. Silva 505b524032 drm/ioctl: Fix Spectre v1 vulnerabilities 
nr is indirectly controlled by user-space, hence leading to a
potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/gpu/drm/drm_ioctl.c:805 drm_ioctl() warn: potential spectre issue 'dev->driver->ioctls' [r]
drivers/gpu/drm/drm_ioctl.c:810 drm_ioctl() warn: potential spectre issue 'drm_ioctls' [r] (local cap)
drivers/gpu/drm/drm_ioctl.c:892 drm_ioctl_flags() warn: potential spectre issue 'drm_ioctls' [r] (local cap)

Fix this by sanitizing nr before using it to index dev->driver->ioctls
and drm_ioctls.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20181220000015.GA18973@embeddedor
2018-12-20 08:13:29 +01:00
..
amd drm/amdgpu: drop fclk/gfxclk ratio setting 2018-12-12 14:52:29 -05:00
arc
arm
armada
ast drm/ast: Fix connector leak during driver unload 2018-12-06 14:12:02 +10:00
atmel-hlcdc
bochs
bridge drm/bridge: fix AUX_CMD_SEND bit value for ti, sn65dsi86 bridge 2018-11-30 10:45:06 -05:00
cirrus
etnaviv
exynos
fsl-dcu
gma500
hisilicon
i2c
i810
i915 drm/i915: Flush GPU relocs harder for gen3 2018-12-12 12:27:44 +02:00
imx
lib
mediatek drm/mediatek: Only try to attach bridge if there is one 2018-12-03 11:08:22 +08:00
meson drm/meson: add support for 1080p25 mode 2018-11-26 16:14:28 -05:00
mga
mgag200
msm drm/msm: Fix error return checking 2018-12-03 08:46:14 -05:00
mxsfb
nouveau Merge branch 'linux-4.20' of git://github.com/skeggsb/linux into drm-fixes 2018-12-13 09:33:50 +10:00
omapdrm drm/omap: fix incorrect union usage 2018-12-03 14:46:30 +02:00
panel
pl111
qxl
r128
radeon
rcar-du drm: rcar-du: Fix DU3 start/stop on M3-N 2018-11-26 10:42:22 +02:00
rockchip Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" 2018-12-11 15:15:57 +01:00
savage
scheduler
selftests
shmobile
sis
sti
stm
sun4i
tdfx
tegra
tilcdc
tinydrm
ttm drm/ttm: fix LRU handling in ttm_buffer_object_transfer 2018-11-30 12:12:16 -05:00
tve200
udl
v3d
vc4
vgem
via
virtio
vkms
vmwgfx drm/vmwgfx: Protect from excessive execbuf kernel memory allocations v3 2018-12-13 13:04:25 +01:00
xen
zte
ati_pcigart.c
drm_agpsupport.c
drm_atomic.c
drm_atomic_helper.c
drm_atomic_uapi.c
drm_auth.c drm: set is_master to 0 upon drm_new_set_master() failure 2018-11-26 16:14:27 -05:00
drm_blend.c
drm_bridge.c
drm_bufs.c
drm_cache.c
drm_client.c
drm_color_mgmt.c
drm_connector.c
drm_context.c
drm_crtc.c
drm_crtc_helper.c
drm_crtc_helper_internal.h
drm_crtc_internal.h
drm_debugfs.c
drm_debugfs_crc.c
drm_dma.c
drm_dp_aux_dev.c
drm_dp_cec.c
drm_dp_dual_mode_helper.c
drm_dp_helper.c
drm_dp_mst_topology.c Revert "drm/dp_mst: Skip validating ports during destruction, just ref" 2018-11-28 16:22:17 -05:00
drm_drv.c
drm_dumb_buffers.c
drm_edid.c
drm_edid_load.c
drm_encoder.c
drm_encoder_slave.c
drm_fb_cma_helper.c
drm_fb_helper.c drm/fb-helper: Fix typo in parameter description 2018-12-04 14:22:20 +01:00
drm_file.c
drm_flip_work.c
drm_fourcc.c
drm_framebuffer.c
drm_gem.c
drm_gem_cma_helper.c
drm_gem_framebuffer_helper.c
drm_global.c
drm_hashtab.c
drm_info.c
drm_internal.h drm/lease: Send a distinct uevent 2018-11-30 10:57:18 +01:00
drm_ioc32.c
drm_ioctl.c drm/ioctl: Fix Spectre v1 vulnerabilities 2018-12-20 08:13:29 +01:00
drm_irq.c
drm_kms_helper_common.c
drm_lease.c drm/lease: Send a distinct uevent 2018-11-30 10:57:18 +01:00
drm_legacy.h
drm_lock.c
drm_memory.c
drm_mipi_dsi.c
drm_mm.c
drm_mode_config.c
drm_mode_object.c
drm_modes.c
drm_modeset_helper.c
drm_modeset_lock.c
drm_of.c
drm_panel.c
drm_panel_orientation_quirks.c
drm_pci.c
drm_plane.c
drm_plane_helper.c
drm_prime.c
drm_print.c
drm_probe_helper.c
drm_property.c
drm_rect.c
drm_scatter.c
drm_scdc_helper.c
drm_simple_kms_helper.c
drm_syncobj.c
drm_sysfs.c drm/lease: Send a distinct uevent 2018-11-30 10:57:18 +01:00
drm_trace.h
drm_trace_points.c
drm_vblank.c
drm_vm.c
drm_vma_manager.c
drm_writeback.c
Kconfig
Makefile