Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 242e6f52a0cd1b5526a093e6bb39cec2b76b0284
commit242e6f52a0cd1b5526a093e6bb39cec2b76b0284[log] [tgz]
authorJason Wang <jasowang@redhat.com>Tue Oct 30 14:10:49 2018 +0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sat Nov 10 07:42:58 2018 -0800
treef7926915eae9b4433cdbc091a81bd7ebb6d578a1
parent1b0bb7e515b2292da2be1286b994ad1cf1096af3 [diff]
vhost: Fix Spectre V1 vulnerability

[ Upstream commit ff002269a4ee9c769dbf9365acef633ebcbd6cbe ]

The idx in vhost_vring_ioctl() was controlled by userspace, hence a
potential exploitation of the Spectre variant 1 vulnerability.

Fixing this by sanitizing idx before using it to index d->vqs.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: f7926915eae9b4433cdbc091a81bd7ebb6d578a1
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS