iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/arch
History
Dianzhang Chen 30a9b8b4b7 x86/tls: Fix possible spectre-v1 in do_get_thread_area() 
commit 993773d11d45c90cb1c6481c2638c3d9f092ea5b upstream.

The index to access the threads tls array is controlled by userspace
via syscall: sys_ptrace(), hence leading to a potential exploitation
of the Spectre variant 1 vulnerability.

The index can be controlled from:
        ptrace -> arch_ptrace -> do_get_thread_area.

Fix this by sanitizing the user supplied index before using it to access
the p->thread.tls_array.

Signed-off-by: Dianzhang Chen <dianzhangchen0@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: bp@alien8.de
Cc: hpa@zytor.com
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1561524630-3642-1-git-send-email-dianzhangchen0@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-21 09:04:31 +02:00
..
alpha
alpha: Fix Eiger NR_IRQS to 128
2019-02-20 10:20:53 +01:00
arc
ARC: handle gcc generated __builtin_trap for older compiler
2019-07-10 09:54:42 +02:00
arm
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
2019-07-21 09:04:25 +02:00
arm64
arm64: kaslr: keep modules inside module region when KASAN is enabled
2019-07-10 09:54:40 +02:00
blackfin
pinctrl: adi2: Fix Kconfig build problem
2017-12-20 10:10:34 +01:00
c6x
License cleanup: add SPDX license identifier to uapi header files with a license
2017-11-02 11:20:11 +01:00
cris
bug.h: work around GCC PR82365 in BUG()
2018-05-30 07:52:00 +02:00
frv
License cleanup: add SPDX license identifier to uapi header files with a license
2017-11-02 11:20:11 +01:00
h8300
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
2019-04-05 22:31:25 +02:00
hexagon
hexagon: modify ffs() and fls() to return int
2018-10-10 08:54:25 +02:00
ia64
ia64: fix build errors by exporting paddr_to_nid()
2019-06-22 08:16:17 +02:00
m32r
m32r: fix endianness constraints
2018-02-28 10:19:44 +01:00
m68k
m68k: Add -ffreestanding to CFLAGS
2019-03-23 14:35:21 +01:00
metag
.gitignore: move *.dtb and *.dtb.S patterns to the top-level .gitignore
2018-02-13 10:19:46 +01:00
microblaze
microblaze: Fix simpleImage format generation
2018-08-03 07:50:40 +02:00
mips
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
2019-07-10 09:54:43 +02:00
mn10300
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
2018-02-16 20:23:11 +01:00
nios2
.gitignore: move *.dtb and *.dtb.S patterns to the top-level .gitignore
2018-02-13 10:19:46 +01:00
openrisc
openrisc: entry: Fix delay slot exception detection
2018-08-24 13:09:11 +02:00
parisc
parisc: Fix compiler warnings in float emulation code
2019-06-25 11:36:51 +08:00
powerpc
powerpc/bpf: use unsigned division instruction for 64-bit operations
2019-06-25 11:36:54 +08:00
s390
KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
2019-06-19 08:20:58 +02:00
score
License cleanup: add SPDX license identifier to uapi header files with no license
2017-11-02 11:19:54 +01:00
sh
sh: fix multiple function definition build errors
2019-05-08 07:20:51 +02:00
sparc
sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
2019-06-25 11:36:52 +08:00
tile
fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall
2017-12-17 15:07:59 +01:00
um
uml: fix a boot splat wrt use of cpu_all_mask
2019-06-15 11:54:53 +02:00
unicore32
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
2018-02-22 15:42:23 +01:00
x86
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
2019-07-21 09:04:31 +02:00
xtensa
xtensa: Fix section mismatch between memblock_reserve and mem_reserve
2019-06-25 11:36:52 +08:00
.gitignore
Kconfig
compiler.h: Allow arch-specific asm/compiler.h
2018-11-04 14:52:46 +01:00