lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 23 Apr 2018 14:13:58 -0500
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
        Dan Carpenter <dan.carpenter@...cle.com>
Cc:     Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        linux-renesas-soc@...r.kernel.org,
        Hans Verkuil <hverkuil@...all.nl>,
        Ramesh Shanmugasundaram <ramesh.shanmugasundaram@...renesas.com>,
        Niklas Söderlund <niklas.soderlund@...natech.se>,
        Jonathan Corbet <corbet@....net>,
        Kyungmin Park <kyungmin.park@...sung.com>,
        Sylwester Nawrocki <s.nawrocki@...sung.com>,
        Kukjin Kim <kgene@...nel.org>,
        Krzysztof Kozlowski <krzk@...nel.org>,
        linux-arm-kernel@...ts.infradead.org,
        linux-samsung-soc@...r.kernel.org
Subject: Re: [PATCH 00/11] fix potential Spectre variant 1 issues

Hi,

Please, drop this series. Further analysis is required as it seems all 
these are False Positives.

Sorry for the noise.

Thanks
--
Gustavo

On 04/23/2018 12:37 PM, Gustavo A. R. Silva wrote:
> This patchset aims to fix various media platform and media usb
> cases where we have user controlled array dereferences that could
> be exploited due to the Spectre variant 1 vulnerability. All were
> reported by Dan Carpenter.
> 
> Notice that given that speculation windows are large, the policy is
> to kill the speculation on the first load and not worry if it can be
> completed with a dependent load/store [1].
> 
> [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
> 
> Thanks
> 
> Gustavo A. R. Silva (11):
>    media: tm6000: fix potential Spectre variant 1
>    exynos4-is: mipi-csis: fix potential Spectre variant 1
>    fsl-viu: fix potential Spectre variant 1
>    marvell-ccic: mcam-core: fix potential Spectre variant 1
>    omap_vout: fix potential Spectre variant 1
>    rcar-v4l2: fix potential Spectre variant 1
>    rcar_drif: fix potential Spectre variant 1
>    sh_vou: fix potential Spectre variant 1
>    vimc-debayer: fix potential Spectre variant 1
>    vivid-sdr-cap: fix potential Spectre variant 1
>    vsp1_rwpf: fix potential Spectre variant 1
> 
>   drivers/media/platform/exynos4-is/mipi-csis.c   | 5 ++++-
>   drivers/media/platform/fsl-viu.c                | 8 ++++----
>   drivers/media/platform/marvell-ccic/mcam-core.c | 3 +++
>   drivers/media/platform/omap/omap_vout.c         | 3 +++
>   drivers/media/platform/rcar-vin/rcar-v4l2.c     | 4 +++-
>   drivers/media/platform/rcar_drif.c              | 4 +++-
>   drivers/media/platform/sh_vou.c                 | 3 +++
>   drivers/media/platform/vimc/vimc-debayer.c      | 5 ++++-
>   drivers/media/platform/vivid/vivid-sdr-cap.c    | 6 ++++++
>   drivers/media/platform/vsp1/vsp1_rwpf.c         | 3 +++
>   drivers/media/usb/tm6000/tm6000-video.c         | 2 ++
>   11 files changed, 38 insertions(+), 8 deletions(-)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ