https://github.com/torvalds/linux
Revision bc5b6c0b62b932626a135f516a41838c510c6eba authored by Jeremy Cline on 31 July 2018, 21:13:16 UTC, committed by David S. Miller on 01 August 2018, 16:50:58 UTC
'protocol' is a user-controlled value, so sanitize it after the bounds check to avoid using it for speculative out-of-bounds access to arrays indexed by it. This addresses the following accesses detected with the help of smatch: * net/netlink/af_netlink.c:654 __netlink_create() warn: potential spectre issue 'nlk_cb_mutex_keys' [w] * net/netlink/af_netlink.c:654 __netlink_create() warn: potential spectre issue 'nlk_cb_mutex_key_strings' [w] * net/netlink/af_netlink.c:685 netlink_create() warn: potential spectre issue 'nl_table' [w] (local cap) Cc: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Jeremy Cline <jcline@redhat.com> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent e02ee98
Tip revision: bc5b6c0b62b932626a135f516a41838c510c6eba authored by Jeremy Cline on 31 July 2018, 21:13:16 UTC
netlink: Fix spectre v1 gadget in netlink_create()
netlink: Fix spectre v1 gadget in netlink_create()
Tip revision: bc5b6c0
File | Mode | Size |
---|---|---|
Documentation | ||
LICENSES | ||
arch | ||
block | ||
certs | ||
crypto | ||
drivers | ||
firmware | ||
fs | ||
include | ||
init | ||
ipc | ||
kernel | ||
lib | ||
mm | ||
net | ||
samples | ||
scripts | ||
security | ||
sound | ||
tools | ||
usr | ||
virt | ||
.clang-format | -rw-r--r-- | 12.8 KB |
.cocciconfig | -rw-r--r-- | 59 bytes |
.get_maintainer.ignore | -rw-r--r-- | 31 bytes |
.gitattributes | -rw-r--r-- | 30 bytes |
.gitignore | -rw-r--r-- | 1.5 KB |
.mailmap | -rw-r--r-- | 9.3 KB |
COPYING | -rw-r--r-- | 423 bytes |
CREDITS | -rw-r--r-- | 96.3 KB |
Kbuild | -rw-r--r-- | 2.2 KB |
Kconfig | -rw-r--r-- | 321 bytes |
MAINTAINERS | -rw-r--r-- | 449.5 KB |
Makefile | -rw-r--r-- | 58.2 KB |
README | -rw-r--r-- | 800 bytes |
Computing file changes ...