Commit b12585af authored by Tyler Hicks's avatar Tyler Hicks Committed by Khalid Elmously

UBUNTU: SAUCE: Fix posix clock speculation mitigation backport

BugLink: https://launchpad.net/bugs/1847189

The Ubuntu Xenial backport of upstream commit 19b558db
("posix-timers: Protect posix clock array access against speculation")
incorrectly dropped the NULL check on the .clock_getres function
pointer. Readd the NULL check while still protecting against
side-channel speculation attacks when indexing into the posix_clocks
array to perform that NULL check.

The NULL check protects against a denial of service (system crash) or
possible arbitrary code execution that can be triggered by
clock_gettime(10, 0), as pointed out by Vitaly Nikolenko.

Fixes: eb4a3a43 ("posix-timers: Protect posix clock array access against speculation")
Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
Acked-by: default avatarColin Ian King <colin.king@canonical.com>
Acked-by: default avatarAndrea Righi <andrea.righi@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent c6d53633
...@@ -606,7 +606,11 @@ static struct k_clock *clockid_to_kclock(const clockid_t id) ...@@ -606,7 +606,11 @@ static struct k_clock *clockid_to_kclock(const clockid_t id)
if (id >= MAX_CLOCKS) if (id >= MAX_CLOCKS)
return NULL; return NULL;
return &posix_clocks[array_index_nospec(idx, MAX_CLOCKS)]; idx = array_index_nospec(idx, MAX_CLOCKS);
if (!posix_clocks[idx].clock_getres)
return NULL;
return &posix_clocks[idx];
} }
static int common_timer_create(struct k_itimer *new_timer) static int common_timer_create(struct k_itimer *new_timer)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment