nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION

It appears that there are some buffer overflows in EVT_TRANSACTION.
This happens because the length parameters that are passed to memcpy
come directly from skb->data and are not guarded in any way.

Signed-off-by: Jordy Zomer <email address hidden>
Reviewed-by: Krzysztof Kozlowski <email address hidden>
Signed-off-by: David S. Miller <email address hidden>
(cherry picked from commit 4fbcc1a4cb20fe26ad0225679c536c80f1648221)
CVE-2022-26490
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Bartlomiej Zolnierkiewicz <email address hidden>
Signed-off-by: Andrea Righi <email address hidden>
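
The unguarded-length pattern described in the commit message above, shown as an added example (not the driver's code and not the upstream patch): a user-space parser in which both lengths are read from the received buffer and each is checked against the destination size and the bytes actually received before any memcpy. The event layout, tag values, size limits and all names here are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical layout, assumed for this example (not taken from the driver):
 *   [TAG_AID][aid_len][aid ...][TAG_PARAMS][params_len][params ...] */
#define TAG_AID    0x81
#define TAG_PARAMS 0x82
#define AID_MAX    16
#define PARAMS_MAX 64

struct transaction {
    uint8_t aid_len, params_len;
    uint8_t aid[AID_MAX], params[PARAMS_MAX];
};

/* Constructed sample events: well-formed, oversized AID length, truncated params. */
const uint8_t ok_evt[]        = {0x81, 2, 0xA0, 0x00, 0x82, 1, 0x7F};
const uint8_t big_aid_evt[]   = {0x81, 200, 0xA0, 0x00, 0x82, 1, 0x7F};
const uint8_t short_par_evt[] = {0x81, 2, 0xA0, 0x00, 0x82, 40, 0x7F};

/* Returns 0 on success, -1 if the event is malformed or truncated. */
int parse_transaction(const uint8_t *data, size_t len, struct transaction *out)
{
    size_t aid_len, params_len, off;
    if (len < 2 || data[0] != TAG_AID)
        return -1;
    aid_len = data[1];
    /* Bound by destination size, then by bytes received (AID + next tag/len). */
    if (aid_len > AID_MAX || len < 2 + aid_len + 2)
        return -1;
    off = 2 + aid_len;
    if (data[off] != TAG_PARAMS)
        return -1;
    params_len = data[off + 1];
    if (params_len > PARAMS_MAX || len < off + 2 + params_len)
        return -1;
    memset(out, 0, sizeof(*out));
    out->aid_len = (uint8_t)aid_len;
    memcpy(out->aid, data + 2, aid_len);
    out->params_len = (uint8_t)params_len;
    memcpy(out->params, data + off + 2, params_len);
    return 0;
}

int main(void)
{
    struct transaction t;
    return parse_transaction(ok_evt, sizeof(ok_evt), &t) ? 1 : 0;
}
```

Each length is validated twice because the two checks stop different faults: the destination bound prevents writing past the fixed-size field, and the received-length bound prevents reading past the end of the buffer.
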
8baee51... by Peter Zijlstra <email address hidden>

Current BPF codegen doesn't respect X86_FEATURE_RETPOLINE* flags and
unconditionally emits a thunk call, this is sub-optimal and doesn't
match the regular, compiler generated, code.

Update the i386 JIT to emit code equal to what the compiler emits for
the regular kernel text (IOW. a plain THUNK call).

Update the x86_64 JIT to emit code similar to the result of compiler
and kernel rewrites as according to X86_FEATURE_RETPOLINE* flags.
Inlining RETPOLINE_AMD (lfence; jmp *%reg) and !RETPOLINE (jmp *%reg),
while doing a THUNK call for RETPOLINE.

This removes the hard-coded retpoline thunks and shrinks the generated
code. Leaving a single retpoline thunk definition in the kernel.

Signed-off-by: Peter Zijlstra (Intel) <email address hidden>
Reviewed-by: Borislav Petkov <email address hidden>
Acked-by: Alexei Starovoitov <email address hidden>
Acked-by: Josh Poimboeuf <email address hidden>
Tested-by: Alexei Starovoitov <email address hidden>
Link: https://<email address hidden>
(backported from commit 87c87ecd00c54ecd677798cb49ef27329e0fab41)
[cascardo: RETPOLINE_AMD was renamed to RETPOLINE_LFENCE]
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Andrea Righi <email address hidden>