iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/arch
History
Dianzhang Chen 0ad94dc664 x86/tls: Fix possible spectre-v1 in do_get_thread_area() 
commit 993773d11d45c90cb1c6481c2638c3d9f092ea5b upstream.

The index to access the threads tls array is controlled by userspace
via syscall: sys_ptrace(), hence leading to a potential exploitation
of the Spectre variant 1 vulnerability.

The index can be controlled from:
        ptrace -> arch_ptrace -> do_get_thread_area.

Fix this by sanitizing the user supplied index before using it to access
the p->thread.tls_array.

Signed-off-by: Dianzhang Chen <dianzhangchen0@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: bp@alien8.de
Cc: hpa@zytor.com
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1561524630-3642-1-git-send-email-dianzhangchen0@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-21 09:05:58 +02:00
..
alpha
alpha: Fix Eiger NR_IRQS to 128
2019-02-20 10:18:32 +01:00
arc
ARC: handle gcc generated __builtin_trap for older compiler
2019-07-10 09:55:44 +02:00
arm
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
2019-07-21 09:05:55 +02:00
arm64
arm64: kaslr: keep modules inside module region when KASAN is enabled
2019-07-10 09:55:47 +02:00
avr32
Merge branch 'akpm' (patches from Andrew)
2016-10-07 21:38:00 -07:00
blackfin
pinctrl: adi2: Fix Kconfig build problem
2017-12-20 10:07:32 +01:00
c6x
c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
2017-03-31 10:31:46 +02:00
cris
cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected
2017-01-12 11:39:24 +01:00
frv
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
h8300
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
2019-04-05 22:29:05 +02:00
hexagon
hexagon: modify ffs() and fls() to return int
2018-10-10 08:53:21 +02:00
ia64
bug.h: work around GCC PR82365 in BUG()
2019-07-10 09:55:44 +02:00
m32r
mm: replace access_process_vm() write parameter with gup_flags
2016-10-19 08:31:25 -07:00
m68k
bug.h: work around GCC PR82365 in BUG()
2019-07-10 09:55:44 +02:00
metag
metag/uaccess: Check access_ok in strncpy_from_user
2017-05-25 15:44:46 +02:00
microblaze
microblaze: Fix simpleImage format generation
2018-08-03 07:55:25 +02:00
mips
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
2019-07-10 09:55:47 +02:00
mn10300
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
2018-02-17 13:21:20 +01:00
nios2
nios2: reserve boot memory for device tree
2017-04-12 12:41:14 +02:00
openrisc
kthread: fix boot hang (regression) on MIPS/OpenRISC
2018-09-19 22:47:11 +02:00
parisc
parisc: Fix compiler warnings in float emulation code
2019-07-10 09:55:29 +02:00
powerpc
powerpc/bpf: use unsigned division instruction for 64-bit operations
2019-07-10 09:55:33 +02:00
s390
KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
2019-06-22 08:17:20 +02:00
score
Merge branch 'gup_flag-cleanups'
2016-10-19 08:39:47 -07:00
sh
sh: fix multiple function definition build errors
2019-05-08 07:19:11 +02:00
sparc
bug.h: work around GCC PR82365 in BUG()
2019-07-10 09:55:44 +02:00
tile
futex: Remove duplicated code and fix undefined behaviour
2018-05-19 10:27:00 +02:00
um
uml: fix a boot splat wrt use of cpu_all_mask
2019-06-22 08:17:14 +02:00
unicore32
unicore32: use simpler API for random address requests
2016-10-11 15:06:32 -07:00
x86
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
2019-07-21 09:05:58 +02:00
xtensa
xtensa: fix return_address
2019-04-17 08:36:47 +02:00
.gitignore
Kconfig
cpu/hotplug: Provide knobs to control SMT
2018-08-15 18:14:46 +02:00