qiurui
/
Ubuntu-focal-kernel
mirror of https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Ubuntu-focal-kernel/lib
History
Eric Dumazet 61c36df9bf netlink: prevent potential spectre v1 gadgets 
BugLink: https://bugs.launchpad.net/bugs/2011226

[ Upstream commit f0950402e8c76e7dcb08563f1b4e8000fbc62455 ]

Most netlink attributes are parsed and validated from
__nla_validate_parse() or validate_nla()

    u16 type = nla_type(nla);

    if (type == 0 || type > maxtype) {
        /* error or continue */
    }

@type is then used as an array index and can be used
as a Spectre v1 gadget.

array_index_nospec() can be used to prevent leaking
content of kernel memory to malicious users.

This should take care of vast majority of netlink uses,
but an audit is needed to take care of others where
validation is not yet centralized in core netlink functions.

Fixes: bfa83a9e03 ("[NETLINK]: Type-safe netlink messages/attributes interface")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230119110150.2678537-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
Acked-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
 		2023-03-21 10:09:00 +01:00
..
842
crypto lib/crypto: blake2s: move hmac construction into wireguard 2022-08-26 11:09:35 +02:00
dim dim: initialize all struct fields 2022-07-11 16:40:02 +02:00
fonts lib/fonts: fix undefined behavior in bit shift for get_default_font 2023-02-01 15:22:13 +01:00
livepatch
lz4 lz4: fix LZ4_decompress_safe_partial read out of bound 2022-05-20 15:20:00 +02:00
lzo
math
mpi lib/mpi: use kcalloc in mpi_resize 2021-10-11 17:08:45 -06:00
raid6 lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 2022-05-20 15:19:19 +02:00
reed_solomon
vdso lib/vdso: use "grep -E" instead of "egrep" 2023-02-01 15:21:25 +01:00
xz lib/xz: Validate the value before assigning it to an enum variable 2022-01-13 18:42:11 +01:00
zlib_deflate
zlib_dfltcc
zlib_inflate
zstd
.gitignore
Kconfig ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE 2022-05-20 15:17:55 +02:00
Kconfig.debug Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled 2023-02-01 15:21:47 +01:00
Kconfig.kasan
Kconfig.kgdb
Kconfig.ubsan
Makefile avoid __memcat_p link failure 2021-05-19 10:53:23 +02:00
argv_split.c
ashldi3.c
ashrdi3.c
asn1_decoder.c
assoc_array.c assoc_array: Fix BUG_ON during garbage collect 2022-08-26 11:07:00 +02:00
atomic64.c
atomic64_test.c
audit.c
bcd.c
bch.c
bitmap.c
bitrev.c
bsearch.c
btree.c
bucket_locks.c
bug.c bug: Remove redundant condition check in report_bug 2021-05-26 15:39:19 +02:00
build_OID_registry
bust_spinlocks.c
chacha.c
check_signature.c
checksum.c
clz_ctz.c
clz_tab.c
cmdline.c
cmpdi2.c
compat_audit.c
cpu_rmap.c
cpumask.c
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c crc-t10dif: Fix potential crypto notify dead-lock 2020-09-04 16:28:56 -03:00
crc4.c
crc7.c
crc8.c
crc16.c
crc32.c lib/crc32.c: fix trivial typo in preprocessor condition 2020-11-09 14:49:00 +01:00
crc32defs.h
crc32test.c lib/crc32test: remove extra local_irq_disable/enable 2020-12-10 12:05:50 +01:00
crc64.c
ctype.c
debug_info.c
debug_locks.c
debugobjects.c
dec_and_lock.c
decompress.c
decompress_bunzip2.c
decompress_inflate.c
decompress_unlz4.c UBUNTU: SAUCE: lib/decompress_unlz4.c: correctly handle zero-padding around initrds. 2021-01-18 17:26:31 +01:00
decompress_unlzma.c
decompress_unlzo.c
decompress_unxz.c lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression 2022-01-13 18:42:11 +01:00
devres.c devres: keep both device name and resource name in pretty name 2020-09-04 16:30:00 -03:00
digsig.c
dump_stack.c
dynamic_debug.c dyndbg: let query-modname override actual module name 2023-01-06 08:43:59 -08:00
dynamic_queue_limits.c
earlycpio.c
error-inject.c
errseq.c
extable.c
fault-inject.c
fdt.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
find_bit.c
find_bit_benchmark.c
flex_proportions.c
gen_crc32table.c
gen_crc64table.c
genalloc.c lib/genalloc: fix the overflow when size is too big 2021-02-19 16:43:37 +01:00
generic-radix-tree.c
glob.c
globtest.c
hexdump.c hex2bin: fix access beyond string end 2022-06-22 14:51:05 +02:00
hweight.c
idr.c ida: don't use BUG_ON() for debugging 2022-09-16 10:59:05 +02:00
inflate.c
interval_tree.c
interval_tree_test.c
iomap.c
iomap_copy.c
iommu-helper.c
ioremap.c
iov_iter.c mm/highmem: Lift memcpy_[to|from]_page to core 2023-02-01 15:23:36 +01:00
irq_poll.c
irq_regs.c
is_single_threaded.c
kasprintf.c
kfifo.c
klist.c
kobject.c kobject: Restore old behaviour of kobject_del(NULL) 2020-11-09 14:46:47 +01:00
kobject_uevent.c kobject_uevent: remove warning in init_uevent_argv() 2021-06-18 15:02:22 +02:00
kstrtox.c lib: vsprintf: Fix handling of number field widths in vsscanf 2021-08-13 09:45:14 +02:00
kstrtox.h lib: vsprintf: Fix handling of number field widths in vsscanf 2021-08-13 09:45:14 +02:00
libcrc32c.c
list_debug.c lib/list_debug.c: Detect uninitialized lists 2022-10-17 15:02:00 +02:00
list_sort.c
llist.c
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-rtmutex.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c
lockref.c lockref: stop doing cpu_relax in the cmpxchg loop 2023-03-21 10:08:59 +01:00
logic_pio.c PCI: Fix pci_register_io_range() memory leak 2021-04-14 18:31:56 +02:00
lru_cache.c
lshrdi3.c
memcat_p.c
memory-notifier-error-inject.c
memweight.c
muldi3.c
net_utils.c
netdev-notifier-error-inject.c
nlattr.c netlink: prevent potential spectre v1 gadgets 2023-03-21 10:09:00 +01:00
nmi_backtrace.c
nodemask.c nodemask: Fix return values to be unsigned 2022-08-26 11:09:27 +02:00
notifier-error-inject.c lib/notifier-error-inject: fix error when writing -errno to debugfs file 2023-02-01 15:22:16 +01:00
notifier-error-inject.h
objagg.c
of-reconfig-notifier-error-inject.c
oid_registry.c
once.c once: add DO_ONCE_SLOW() for sleepable contexts 2023-01-06 08:43:56 -08:00
packing.c
parman.c
parser.c
pci_iomap.c
percpu-refcount.c
percpu_counter.c
percpu_test.c
plist.c
pm-notifier-error-inject.c
radix-tree.c
random32.c random: replace custom notifier chain with standard one 2022-08-26 11:10:14 +02:00
ratelimit.c ratelimit: Fix data-races in ___ratelimit(). 2022-10-17 15:02:14 +02:00
rbtree.c
rbtree_test.c
refcount.c locking/refcount: Consolidate implementations of refcount_t 2022-09-16 10:59:59 +02:00
rhashtable.c
sbitmap.c
scatterlist.c sgl_alloc_order: fix memory leak 2020-12-10 12:03:00 +01:00
seq_buf.c seq_buf: Fix overflow in seq_buf_putmem_hex() 2021-08-13 09:46:59 +02:00
sg_pool.c
sg_split.c
sha1.c lib/crypto: sha1: re-roll loops to reduce code size 2022-08-26 11:09:35 +02:00
show_mem.c
siphash.c siphash: use one source of truth for siphash permutations 2022-08-26 11:10:29 +02:00
smp_processor_id.c
sort.c
stackdepot.c lib: stackdepot: turn depot_lock spinlock to raw_spinlock 2021-06-18 15:02:25 +02:00
stmp_device.c
string.c lib/string.c: implement stpcpy 2020-11-09 14:48:03 +01:00
string_helpers.c
strncpy_from_user.c
strnlen_user.c
syscall.c lib/syscall: fix syscall registers retrieval on 32-bit platforms 2021-01-20 14:25:04 +01:00
test-kstrtox.c
test-string_helpers.c
test_bitfield.c
test_bitmap.c
test_blackhole_dev.c
test_bpf.c bpf/tests: Do not PASS tests without actually testing the result 2021-10-12 16:31:30 -06:00
test_debug_virtual.c
test_firmware.c test_firmware: fix memory leak in test_firmware_init() 2023-02-01 15:22:54 +01:00
test_hash.c
test_hexdump.c
test_ida.c
test_kasan.c
test_kmod.c lib/test: use after free in register_test_dev_kmod() 2022-05-20 15:19:16 +02:00
test_list_sort.c
test_memcat_p.c
test_meminit.c lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test 2022-03-07 16:37:03 +01:00
test_module.c
test_objagg.c
test_overflow.c
test_parman.c
test_printf.c
test_rhashtable.c
test_siphash.c
test_sort.c
test_stackinit.c lib/test_stackinit: Fix static initializer test 2021-10-12 16:31:40 -06:00
test_static_key_base.c
test_static_keys.c
test_string.c
test_strscpy.c
test_sysctl.c
test_ubsan.c
test_user_copy.c
test_uuid.c
test_vmalloc.c
test_xarray.c XArray: Fix xas_create_range() when multi-order entry present 2022-05-20 15:19:33 +02:00
textsearch.c
timerqueue.c
ts_bm.c
ts_fsm.c
ts_kmp.c
ubsan.c
ubsan.h
ucmpdi2.c
ucs2_string.c
usercopy.c
uuid.c
vsprintf.c random: replace custom notifier chain with standard one 2022-08-26 11:10:14 +02:00
win_minmax.c
xarray.c XArray: Update the LRU list in xas_split() 2022-05-20 15:19:34 +02:00
xxhash.c