mpls, nospec: Sanitize array index in mpls_label_ok() - kernel

diff options

author	Dan Williams <[email protected]>	2018-02-08 06:34:24 +0000
committer	David S. Miller <[email protected]>	2018-02-08 20:24:12 +0000
commit	3968523f855050b8195134da951b87c20bd66130 (patch)
tree	1bf66a780a1e70748dcbd036281015a1d510c564 /net/tipc
parent	rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and ... (diff)
download	kernel-3968523f855050b8195134da951b87c20bd66130.tar.gz kernel-3968523f855050b8195134da951b87c20bd66130.zip

mpls, nospec: Sanitize array index in mpls_label_ok()

mpls_label_ok() validates that the 'platform_label' array index from a userspace netlink message payload is valid. Under speculation the mpls_label_ok() result may not resolve in the CPU pipeline until after the index is used to access an array element. Sanitize the index to zero to prevent userspace-controlled arbitrary out-of-bounds speculation, a precursor for a speculative execution side channel vulnerability. Cc: <[email protected]> Cc: "David S. Miller" <[email protected]> Cc: Eric W. Biederman <[email protected]> Signed-off-by: Dan Williams <[email protected]> Signed-off-by: David S. Miller <[email protected]>

Diffstat (limited to 'net/tipc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: