Commit 8661e7a7 authored by Elena Reshetova, committed by Kleber Sacilotto de Souza

fs: prevent speculative execution

CVE-2017-5753 (Spectre v1 Intel)

Since the fd value in function __fcheck_files()
seems to be controllable by userspace and later on
conditionally (upon bound check) used to resolve
fdt->fd, insert an observable speculation
barrier before its usage. This should prevent
observable speculation on that branch and avoid
kernel memory leak.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 5603071f
...@@ -81,8 +81,10 @@ static inline struct file *__fcheck_files(struct files_struct *files, unsigned i ...@@ -81,8 +81,10 @@ static inline struct file *__fcheck_files(struct files_struct *files, unsigned i
{ {
struct fdtable *fdt = rcu_dereference_raw(files->fdt); struct fdtable *fdt = rcu_dereference_raw(files->fdt);
if (fd < fdt->max_fds) if (fd < fdt->max_fds) {
osb();
return rcu_dereference_raw(fdt->fd[fd]); return rcu_dereference_raw(fdt->fd[fd]);
}
return NULL; return NULL;
} }
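Review bot: The osb() added inside the `if (fd < fdt->max_fds)` body carries no comment, so a later reader cannot tell why a barrier sits between the bounds check and the `fdt->fd[fd]` load, and may drop it during cleanup. Add a one-line comment saying that fd is userspace-controlled and that the barrier keeps the load from running speculatively with an out-of-range fd. Because __fcheck_files() is a static inline helper, the barrier is paid at every call site; if this tree provides an index-masking helper such as array_index_nospec(), clamping fd before the load would cover the same bounds-check bypass without a barrier instruction on each lookup.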