ACK: [SRU][Cosmic][PULL] Updates for Spectre v1 (CVE-2017-5753)
Kleber Souza
kleber.souza at canonical.com
Tue Apr 23 10:34:40 UTC 2019
On 4/10/19 9:38 AM, Juerg Haefliger wrote:
> This pull request contains fix(es) for the following CVE(s):
> CVE-2017-5753
>
> Pull in the latest Spectre v1 fixes from mainline. All commits are either
> clean cherry-picks or simple backports (context adjustments only).
>
> The changes are fairly trivial and non-intrusive (low risk) in that they
> sprinkle array_index_nospec() calls over different places where an array
> index is user controllable.
>
> Compile-tested all supported architectures.
>
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> ---
>
> The following changes since commit 0a4b03deaca7749c26b776ded32d6ea38db0b3ee:
>
> openvswitch: fix flow actions reallocation (2019-04-08 17:21:25 +0200)
>
> are available in the Git repository at:
>
> git://git.launchpad.net/~juergh/+git/cosmic-linux update-spectre-v1
>
> for you to fetch changes up to 2ff3f1444a12589176e2c628465cdd465b8ffa03:
>
> ALSA: seq: oss: Fix Spectre v1 vulnerability (2019-04-09 09:47:03 +0200)
>
> ----------------------------------------------------------------
> Breno Leitao (1):
> powerpc/ptrace: Mitigate potential Spectre v1
>
> David S. Miller (1):
> net: Revert recent Spectre-v1 patches.
>
> Gustavo A. R. Silva (19):
> drm/bufs: Fix Spectre v1 vulnerability
> drivers/misc/sgi-gru: fix Spectre v1 vulnerability
> ipv4: Fix potential Spectre v1 vulnerability
> ALSA: emux: Fix potential Spectre v1 vulnerabilities
> ALSA: pcm: Fix potential Spectre v1 vulnerability
> ip6mr: Fix potential Spectre v1 vulnerability
> ALSA: rme9652: Fix potential Spectre v1 vulnerability
> ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
> KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
> drm/ioctl: Fix Spectre v1 vulnerabilities
> net: core: Fix Spectre v1 vulnerability
> phonet: af_phonet: Fix Spectre v1 vulnerability
> nfc: af_nfc: Fix Spectre v1 vulnerability
> can: af_can: Fix Spectre v1 vulnerability
> char/mwave: fix potential Spectre v1 vulnerability
> applicom: Fix potential Spectre v1 vulnerabilities
> ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
> ALSA: rawmidi: Fix potential Spectre v1 vulnerability
> ALSA: seq: oss: Fix Spectre v1 vulnerability
>
> Jeff Moyer (1):
> aio: fix spectre gadget in lookup_ioctx
>
> Johannes Berg (1):
> cfg80211: prevent speculation on cfg80211_classify8021d() return
>
> Martin Schwidefsky (1):
> s390/keyboard: sanitize array index in do_kdsk_ioctl
>
> arch/powerpc/kernel/ptrace.c | 8 +++++++-
> drivers/char/applicom.c | 35 ++++++++++++++++++++++++-----------
> drivers/char/ipmi/ipmi_msghandler.c | 26 ++++++++++++++++++--------
> drivers/char/mwave/mwavedd.c | 7 +++++++
> drivers/gpu/drm/drm_bufs.c | 3 +++
> drivers/gpu/drm/drm_ioctl.c | 10 ++++++++--
> drivers/misc/sgi-gru/grukdump.c | 4 ++++
> drivers/s390/char/keyboard.c | 28 ++++++++++++++++------------
> fs/aio.c | 2 ++
> net/ipv4/ipmr.c | 4 ++++
> net/ipv6/ip6mr.c | 4 ++++
> net/wireless/util.c | 34 ++++++++++++++++++++++++----------
> sound/core/pcm.c | 2 ++
> sound/core/rawmidi.c | 2 ++
> sound/core/seq/oss/seq_oss_synth.c | 7 ++++---
> sound/pci/emu10k1/emufx.c | 5 +++++
> sound/pci/rme9652/hdsp.c | 10 ++++++----
> sound/synth/emux/emux_hwdep.c | 7 +++++--
> virt/kvm/arm/vgic/vgic.c | 2 +-
> 19 files changed, 146 insertions(+), 54 deletions(-)
>
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
More information about the kernel-team
mailing list