linux/drivers/tty/vt
Gustavo A. R. Silva e97267cb4d tty: vt_ioctl: fix potential Spectre v1
vsa.console is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/tty/vt/vt_ioctl.c:711 vt_ioctl() warn: potential spectre issue
'vc_cons' [r]

Fix this by sanitizing vsa.console before using it to index vc_cons

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-18 15:51:30 +02:00
..
.gitignore
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
consolemap.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
cp437.uni
defkeymap.c_shipped
defkeymap.map
keyboard.c TTY/Serial driver patches for 4.19-rc1 2018-08-18 10:50:41 -07:00
selection.c vt: selection: take screen contents from uniscr if available 2018-07-21 09:18:27 +02:00
vc_screen.c vt: unicode fallback for scrollback 2018-06-28 21:38:12 +09:00
vt.c vt: avoid a VLA in the unicode screen scroll function 2018-07-21 09:19:46 +02:00
vt_ioctl.c tty: vt_ioctl: fix potential Spectre v1 2018-09-18 15:51:30 +02:00