linux/drivers
Michael S. Tsirkin 670ae9caac vhost: fix info leak due to uninitialized memory
struct vhost_msg within struct vhost_msg_node is copied to userspace.
Unfortunately it turns out on 64 bit systems vhost_msg has padding after
type which gcc doesn't initialize, leaking 4 uninitialized bytes to
userspace.

This padding also unfortunately means 32 bit users of this interface are
broken on a 64 bit kernel which will need to be fixed separately.

Fixes: CVE-2018-1118
Cc: stable@vger.kernel.org
Reported-by: Kevin Easton <kevin@guarana.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: syzbot+87cfa083e727a224754b@syzkaller.appspotmail.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-06-12 04:59:29 +03:00
accessibility
acpi ACPICA: Add deferred package support for the Load and loadTable operators 2018-05-14 22:25:45 +02:00
amba ARM: amba: Fix race condition with driver_override 2018-04-26 10:35:04 +02:00
android ANDROID: binder: prevent transactions into own process. 2018-04-23 12:12:41 +02:00
ata ahci: Add PCI ID for Cannon Lake PCH-LP AHCI 2018-05-24 07:03:32 -07:00
atm atm: zatm: fix memcmp casting 2018-05-29 09:59:53 -04:00
auxdisplay
base mm/memory_hotplug: fix leftover use of struct page during hotplug 2018-05-25 18:12:11 -07:00
bcma bcma: fix buffer size caused crash in bcma_core_mips_print_irq() 2018-05-12 11:36:59 +03:00
block for-linus-20180524 2018-05-24 08:53:20 -07:00
bluetooth Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table 2018-04-30 10:56:04 +02:00
bus HISI LPC: Add Kconfig MFD_CORE dependency 2018-04-26 16:53:23 +02:00
cdrom cdrom: information leak in cdrom_ioctl_media_changed() 2018-04-18 08:21:32 -06:00
char agp: uninorth: make two functions static 2018-05-10 11:26:08 +10:00
clk clk: stm32: fix: stm32 clock drivers are not compiled by default 2018-05-15 15:47:03 -07:00
clocksource clocksource/imx-tpm: Correct -ETIME return condition check 2018-04-19 13:21:35 +02:00
connector
cpufreq cpufreq: armada-37xx: driver relies on cpufreq-dt 2018-05-14 22:25:56 +02:00
cpuidle cpuidle: menu: Avoid selecting shallow states with stopped tick 2018-04-09 11:54:57 +02:00
crypto crypto: inside-secure - do not use memset on MMIO 2018-05-26 23:58:44 +08:00
dax device-dax: allow MAP_SYNC to succeed 2018-04-19 15:11:50 -07:00
dca
devfreq
dio
dma dmaengine: qcom: bam_dma: check if the runtime pm enabled 2018-05-17 16:16:49 +05:30
dma-buf
edac * Add NVDIMM support to EDAC (Tony Luck) 2018-04-05 14:21:13 -07:00
eisa
extcon Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
firewire
firmware firmware: qcom: scm: Fix crash in qcom_scm_call_atomic1() 2018-05-24 22:36:45 -05:00
fmc treewide: Fix typos in printk 2018-03-27 09:51:22 +02:00
fpga fpga-manager: altera-ps-spi: preserve nCONFIG state 2018-04-23 13:27:05 +02:00
fsi
gpio gpio: pcie-idio-24: Fix off-by-one error in get_multiple loop 2018-04-30 10:48:08 +02:00
gpu drm/amd/display: Update color props when modeset is required 2018-05-31 13:08:26 -05:00
hid HID: i2c-hid: Add RESEND_REPORT_DESCR quirk for Toshiba Click Mini L9W-B 2018-05-09 13:58:01 +02:00
hsi
hv ARM: 2018-04-09 11:42:31 -07:00
hwmon hwmon: (k10temp) Use API function to access System Management Network 2018-05-13 09:00:49 -07:00
hwspinlock
hwtracing hwtracing: stm: fix build error on some arches 2018-05-26 08:49:24 +02:00
i2c i2c: ocores: update HDL sources URL 2018-05-29 20:14:32 +02:00
ide for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
idle
iio First round of IIO fixes for the 4.17 cycle. 2018-05-09 17:08:29 +02:00
infiniband Merge candidates for 4.17-rc 2018-06-02 09:55:44 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2018-05-29 22:22:15 -05:00
iommu iommu: rockchip: fix building without CONFIG_OF 2018-05-03 16:36:07 +02:00
ipack
irqchip irqchip/qcom: Fix check for spurious interrupts 2018-05-02 15:56:10 +02:00
isdn isdn: eicon: fix a missing-check bug 2018-05-22 13:48:34 -04:00
leds
lightnvm lightnvm: pblk: remove some unnecessary NULL checks 2018-03-29 17:29:09 -06:00
macintosh powerpc updates for 4.17 2018-04-07 12:08:19 -07:00
mailbox
mcb
md for-linus-20180518 2018-05-18 10:10:43 -07:00
media MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
memory ARM: OMAP2+: Fix build when using split object directories 2018-04-18 10:07:13 -07:00
memstick
message scsi: mptsas: Disable WRITE SAME 2018-04-18 23:37:25 -04:00
mfd mfd: cros_ec: Retry commands when EC is known to be busy 2018-05-23 06:59:00 +01:00
misc Merge branch 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-05-18 18:02:01 -07:00
mmc mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus 2018-05-21 13:27:22 +02:00
mtd mtd: rawnand: marvell: Fix read logic for layouts with ->nchunks > 2 2018-05-14 14:46:20 +02:00
mux
net net: usb: cdc_mbim: add flag FLAG_SEND_ZLP 2018-06-01 14:01:42 -04:00
nfc
ntb
nubus
nvdimm Revert "libnvdimm, of_pmem: workaround OF_NUMA=n build error" 2018-04-19 15:10:56 -07:00
nvme Merge candidates for 4.17-rc 2018-06-02 09:55:44 -07:00
nvmem Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
of DeviceTree fixes for 4.17: 2018-05-07 05:33:29 -10:00
opp
oprofile oprofilefs: don't oops on allocation failure 2018-03-29 15:07:48 -04:00
parisc parisc: Move ccio_cujo20_fixup() into init section 2018-05-18 16:21:49 +02:00
parport Char/Misc patches for 4.17-rc1 2018-04-04 20:07:20 -07:00
pci PCI / PM: Check device_may_wakeup() in pci_enable_wake() 2018-05-10 16:50:26 +02:00
pcmcia Merge branch 'for-linus-sa1100' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-04-09 09:26:36 -07:00
perf ARM: SoC driver updates for 4.17 2018-04-05 21:29:35 -07:00
phy ARM: SoC platform updates for 4.17 2018-04-05 21:21:08 -07:00
pinctrl pinctrl: sunrisepoint: Align GPIO number space with Windows 2018-05-02 14:36:00 +02:00
platform platform-drivers-x86 for v4.17-4 2018-05-31 09:39:57 -05:00
pnp
power ARM: SoC platform updates for 4.17 2018-04-05 21:21:08 -07:00
powercap
pps
ps3
ptp
pwm pwm: Changes for v4.17-rc1 2018-04-13 15:46:21 -07:00
rapidio rapidio: fix rio_dma_transfer error handling 2018-04-20 17:18:35 -07:00
ras
regulator Merge remote-tracking branches 'regulator/topic/88pg86x', 'regulator/topic/dt', 'regulator/topic/formatting' and 'regulator/topic/gpio' into regulator-next 2018-03-28 10:33:53 +08:00
remoteproc remoteproc: qcom: Fix potential device node leaks 2018-04-25 16:46:55 -07:00
reset reset: uniphier: fix USB clock line for LD20 2018-04-27 11:51:12 +02:00
rpmsg rpmsg: added MODULE_ALIAS for rpmsg_char 2018-04-25 16:46:55 -07:00
rtc rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops 2018-04-25 13:24:13 +10:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2018-05-30 10:30:30 -05:00
sbus sparc64: Fix mistake in oradax license text 2018-04-30 16:06:01 -04:00
scsi SCSI fixes on 20180602 2018-06-02 15:54:49 -07:00
sfi
sh
siox
slimbus slimbus: Fix out-of-bounds access in slim_slicesize() 2018-04-23 13:40:15 +02:00
sn
soc Final MIPS fixes for 4.17 2018-06-02 10:12:23 -07:00
soundwire
spi spi: bcm2835aux: ensure interrupts are enabled for shared handler 2018-05-04 08:09:02 +09:00
spmi
ssb ssb: make SSB_PCICORE_HOSTMODE depend on SSB = y 2018-05-12 11:38:13 +03:00
staging Merge candidates for 4.17-rc 2018-06-02 09:55:44 -07:00
target scsi: target: tcmu: fix error resetting qfull_time_out to default 2018-05-14 22:44:50 -04:00
tc
tee tee: check shm references are consistent in offset/size 2018-05-07 11:51:03 +02:00
thermal Merge branch 'thermal-soc' into next 2018-05-11 09:37:21 +08:00
thunderbolt thunderbolt: Handle NULL boot ACL entries properly 2018-05-15 18:02:00 +02:00
tty tty: Use __GFP_NOFAIL for tty_ldisc_get() 2018-04-25 15:03:44 +02:00
uio uio_hv_generic: fix subchannel ring mmap 2018-04-23 12:43:48 +02:00
usb usbip: usbip_host: fix bad unlock balance during stub_probe() 2018-05-16 18:52:13 +02:00
uwb
vfio Revert "vfio/type1: Improve memory pinning process for raw PFN mapping" 2018-06-02 08:41:44 -06:00
vhost vhost: fix info leak due to uninitialized memory 2018-06-12 04:59:29 +03:00
video fbdev changes for v4.17: 2018-04-10 10:20:00 -07:00
virt virt: vbox: Log an error when we fail to get the host version 2018-04-23 13:41:55 +02:00
virtio virtio: feature 2018-04-11 18:58:27 -07:00
visorbus
vlynq
vme
w1
watchdog aspeed: watchdog: Set bootstatus during probe 2018-04-16 10:22:40 +02:00
xen xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent 2018-05-18 14:37:16 -04:00
zorro
Kconfig hwtracing: Add HW tracing support menu 2018-03-29 13:38:10 +03:00
Makefile