linux

mirror of https://github.com/raspberrypi/linux.git synced 2025-12-07 02:19:54 +00:00

Files

Gustavo A. R. Silva f31eb7298b usbip: vhci_sysfs: fix potential Spectre v1

commit a0d6ec8809 upstream.

pdev_nr and rhport can be controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:
drivers/usb/usbip/vhci_sysfs.c:238 detach_store() warn: potential spectre issue 'vhcis'
drivers/usb/usbip/vhci_sysfs.c:328 attach_store() warn: potential spectre issue 'vhcis'
drivers/usb/usbip/vhci_sysfs.c:338 attach_store() warn: potential spectre issue 'vhci->vhci_hcd_ss->vdev'
drivers/usb/usbip/vhci_sysfs.c:340 attach_store() warn: potential spectre issue 'vhci->vhci_hcd_hs->vdev'

Fix this by sanitizing pdev_nr and rhport before using them to index
vhcis and vhci->vhci_hcd_ss->vdev respectively.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: Shuah Khan (Samsung OSG) <shuah@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2018-06-16 09:45:15 +02:00

Kconfig

usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS

2018-05-25 16:17:41 +02:00

Makefile

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

README

usbip: move usbip kernel code out of staging

2014-08-25 10:40:06 -07:00

stub_dev.c

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

2018-05-22 18:53:55 +02:00

stub_main.c

usbip: usbip_host: fix bad unlock balance during stub_probe()

2018-05-22 18:53:55 +02:00

stub_rx.c

usbip: stub: stop printing kernel pointer addresses in messages

2018-01-02 20:31:14 +01:00

stub_tx.c

usbip: stub: stop printing kernel pointer addresses in messages

2018-01-02 20:31:14 +01:00

stub.h

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

2018-05-22 18:53:55 +02:00

usbip_common.c

usbip: remove kernel addresses from usb device and urb debug msgs

2018-01-17 09:45:26 +01:00

usbip_common.h

usbip: vhci_hcd: Fix usb device and sockfd leaks

2018-05-01 12:58:09 -07:00

usbip_event.c

usbip: usbip_event: fix to not print kernel pointer address

2018-05-01 12:58:08 -07:00

vhci_hcd.c

usbip: vhci_hcd: check rhport before using in vhci_hub_control()

2018-05-01 12:58:09 -07:00

vhci_rx.c

usbip: vhci: stop printing kernel pointer addresses in messages

2018-01-02 20:31:14 +01:00

vhci_sysfs.c

usbip: vhci_sysfs: fix potential Spectre v1

2018-06-16 09:45:15 +02:00

vhci_tx.c

usbip: vhci: stop printing kernel pointer addresses in messages

2018-01-02 20:31:14 +01:00

vhci.h

usbip: vhci-hcd: Clean up the code by adding a new macro

2017-06-13 10:51:10 +02:00

vudc_dev.c

usbip: vudc: Refactor init_vudc_hw() to be more obvious

2016-12-05 15:08:45 +01:00

vudc_main.c

usbip: vudc: Add VUDC main file

2016-04-26 15:19:50 -07:00

vudc_rx.c

usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input

2018-01-17 09:45:26 +01:00

vudc_sysfs.c

usbip: vudc: fix null pointer dereference on udc->lock

2018-03-19 08:42:46 +01:00

vudc_transfer.c

usbip: vudc: fix: Clear already_seen flag also for ep0

2016-12-05 15:08:45 +01:00

vudc_tx.c

usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer

2018-01-17 09:45:26 +01:00

vudc.h

usb: usbip: vudc: Rename find_endpoint() to vudc_find_endpoint()

2016-04-28 12:28:08 -07:00

README

TODO:
	- more discussion about the protocol
	- testing
	- review of the userspace interface
	- document the protocol

Please send patches for this code to Greg Kroah-Hartman <greg@kroah.com>