Commit 3627e887 authored by Elena Reshetova's avatar Elena Reshetova Committed by Kleber Sacilotto de Souza

userns: prevent speculative execution

CVE-2017-5753 (Spectre v1 Intel)

Since the pos value in function m_start()
seems to be controllable by userspace and later on
conditionally (upon bound check) used to resolve
map->extent, insert an observable speculation
barrier before its usage. This should prevent
observable speculation on that branch and avoid
kernel memory leak.
Signed-off-by: default avatarElena Reshetova <elena.reshetova@intel.com>
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 9780ac7b
...@@ -502,8 +502,10 @@ static void *m_start(struct seq_file *seq, loff_t *ppos, ...@@ -502,8 +502,10 @@ static void *m_start(struct seq_file *seq, loff_t *ppos,
struct uid_gid_extent *extent = NULL; struct uid_gid_extent *extent = NULL;
loff_t pos = *ppos; loff_t pos = *ppos;
if (pos < map->nr_extents) if (pos < map->nr_extents) {
osb();
extent = &map->extent[pos]; extent = &map->extent[pos];
}
return extent; return extent;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment