Revision - a538e3f - aio: fix spectre gadget in lookup_ioctx

Revision a538e3ff9dabcdf6c3f477a373c629213d1c3066 authored by Jeff Moyer on 11 December 2018, 17:37:49 UTC, committed by Jens Axboe on 11 December 2018, 18:45:50 UTC

aio: fix spectre gadget in lookup_ioctx

Matthew pointed out that the ioctx_table is susceptible to spectre v1,
because the index can be controlled by an attacker.  The below patch
should mitigate the attack for all of the aio system calls.

Cc: stable@vger.kernel.org
Reported-by: Matthew Wilcox <willy@infradead.org>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

1 parent f55adad

Files
Changes

Permalinks

File	Mode	Size
netfilter
Kconfig	-rw-r--r--	2.0 KB
Makefile	-rw-r--r--	824 bytes
br.c	-rw-r--r--	6.5 KB
br_arp_nd_proxy.c	-rw-r--r--	11.3 KB
br_device.c	-rw-r--r--	10.9 KB
br_fdb.c	-rw-r--r--	27.8 KB
br_forward.c	-rw-r--r--	7.6 KB
br_if.c	-rw-r--r--	16.6 KB
br_input.c	-rw-r--r--	8.0 KB
br_ioctl.c	-rw-r--r--	9.0 KB
br_mdb.c	-rw-r--r--	18.6 KB
br_multicast.c	-rw-r--r--	62.8 KB
br_netfilter_hooks.c	-rw-r--r--	29.2 KB
br_netfilter_ipv6.c	-rw-r--r--	5.8 KB
br_netlink.c	-rw-r--r--	46.6 KB
br_netlink_tunnel.c	-rw-r--r--	7.0 KB
br_nf_core.c	-rw-r--r--	2.2 KB
br_private.h	-rw-r--r--	33.8 KB
br_private_stp.h	-rw-r--r--	1.9 KB
br_private_tunnel.h	-rw-r--r--	2.3 KB
br_stp.c	-rw-r--r--	15.4 KB
br_stp_bpdu.c	-rw-r--r--	5.8 KB
br_stp_if.c	-rw-r--r--	8.4 KB
br_stp_timer.c	-rw-r--r--	4.4 KB
br_switchdev.c	-rw-r--r--	3.9 KB
br_sysfs_br.c	-rw-r--r--	26.2 KB
br_sysfs_if.c	-rw-r--r--	10.6 KB
br_vlan.c	-rw-r--r--	28.0 KB
br_vlan_tunnel.c	-rw-r--r--	4.7 KB

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...