mpls, nospec: Sanitize array index in mpls_label_ok() - drm-tip - DRM current development and nightly trees

diff options

author	Dan Williams <dan.j.williams@intel.com>	2018-02-07 22:34:24 -0800
committer	David S. Miller <davem@davemloft.net>	2018-02-08 15:24:12 -0500
commit	3968523f855050b8195134da951b87c20bd66130 (patch)
tree	1bf66a780a1e70748dcbd036281015a1d510c564 /net/sched/cls_u32.c
parent	ebeeb1ad9b8adcc37c2ec21a96f39e9d35199b46 (diff)

mpls, nospec: Sanitize array index in mpls_label_ok()

mpls_label_ok() validates that the 'platform_label' array index from a userspace netlink message payload is valid. Under speculation the mpls_label_ok() result may not resolve in the CPU pipeline until after the index is used to access an array element. Sanitize the index to zero to prevent userspace-controlled arbitrary out-of-bounds speculation, a precursor for a speculative execution side channel vulnerability. Cc: <stable@vger.kernel.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/sched/cls_u32.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: