Google Git
Sign in
android-kvm / linux / 55690c07b44a82cc3359ce0c233f4ba7d80ba145
commit55690c07b44a82cc3359ce0c233f4ba7d80ba145[log] [tgz]
authorJinbum Park <jinb.park7@gmail.com>Sat Jul 28 13:20:44 2018 +0900
committerJens Axboe <axboe@kernel.dk>Sat Jul 28 09:08:42 2018 -0600
tree1e73133269563bae2dd59e2790da18ee72618e18
parentd43fdae7bac2def8c4314b5a49822cb7f08a45f1 [diff]
pktcdvd: Fix possible Spectre-v1 for pkt_devs

User controls @dev_minor which to be used as index of pkt_devs.
So, It can be exploited via Spectre-like attack. (speculative execution)

This kind of attack leaks address of pkt_devs, [1]
It leads an attacker to bypass security mechanism such as KASLR.

So sanitize @dev_minor before using it to prevent attack.

[1] https://github.com/jinb-park/linux-exploit/
tree/master/exploit-remaining-spectre-gadget/leak_pkt_devs.c

Signed-off-by: Jinbum Park <jinb.park7@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
1 file changed
tree: 1e73133269563bae2dd59e2790da18ee72618e18
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README