netlink: Fix spectre v1 gadget in netlink_create() - kernel/linux.git

diff options

author	Jeremy Cline <jcline@redhat.com>	2018-08-01 00:13:16 +0300
committer	David S. Miller <davem@davemloft.net>	2018-08-01 19:50:58 +0300
commit	bc5b6c0b62b932626a135f516a41838c510c6eba (patch)
tree	60b67dc5c86603034ca42c875e73f7922489a553 /net/socket.c
parent	e02ee9819a03c5d6439636c8fc152b4cc1b48304 (diff)
download	linux-bc5b6c0b62b932626a135f516a41838c510c6eba.tar.xz

netlink: Fix spectre v1 gadget in netlink_create()

'protocol' is a user-controlled value, so sanitize it after the bounds check to avoid using it for speculative out-of-bounds access to arrays indexed by it. This addresses the following accesses detected with the help of smatch: * net/netlink/af_netlink.c:654 __netlink_create() warn: potential spectre issue 'nlk_cb_mutex_keys' [w] * net/netlink/af_netlink.c:654 __netlink_create() warn: potential spectre issue 'nlk_cb_mutex_key_strings' [w] * net/netlink/af_netlink.c:685 netlink_create() warn: potential spectre issue 'nl_table' [w] (local cap) Cc: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Jeremy Cline <jcline@redhat.com> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/socket.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: