diff options
Diffstat (limited to 'net/atm/lec.c')
-rw-r--r-- | net/atm/lec.c | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/net/atm/lec.c b/net/atm/lec.c index 01d5d20a6eb1..5a95fcf6f9b6 100644 --- a/net/atm/lec.c +++ b/net/atm/lec.c @@ -41,6 +41,9 @@ static unsigned char bridge_ula_lec[] = { 0x01, 0x80, 0xc2, 0x00, 0x00 }; #include <linux/module.h> #include <linux/init.h> +/* Hardening for Spectre-v1 */ +#include <linux/nospec.h> + #include "lec.h" #include "lec_arpc.h" #include "resources.h" @@ -687,8 +690,10 @@ static int lec_vcc_attach(struct atm_vcc *vcc, void __user *arg) bytes_left = copy_from_user(&ioc_data, arg, sizeof(struct atmlec_ioc)); if (bytes_left != 0) pr_info("copy from user failed for %d bytes\n", bytes_left); - if (ioc_data.dev_num < 0 || ioc_data.dev_num >= MAX_LEC_ITF || - !dev_lec[ioc_data.dev_num]) + if (ioc_data.dev_num < 0 || ioc_data.dev_num >= MAX_LEC_ITF) + return -EINVAL; + ioc_data.dev_num = array_index_nospec(ioc_data.dev_num, MAX_LEC_ITF); + if (!dev_lec[ioc_data.dev_num]) return -EINVAL; vpriv = kmalloc(sizeof(struct lec_vcc_priv), GFP_KERNEL); if (!vpriv) @@ -985,18 +990,6 @@ static const struct seq_operations lec_seq_ops = { .stop = lec_seq_stop, .show = lec_seq_show, }; - -static int lec_seq_open(struct inode *inode, struct file *file) -{ - return seq_open_private(file, &lec_seq_ops, sizeof(struct lec_state)); -} - -static const struct file_operations lec_seq_fops = { - .open = lec_seq_open, - .read = seq_read, - .llseek = seq_lseek, - .release = seq_release_private, -}; #endif static int lane_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) @@ -1042,7 +1035,8 @@ static int __init lane_module_init(void) #ifdef CONFIG_PROC_FS struct proc_dir_entry *p; - p = proc_create("lec", 0444, atm_proc_root, &lec_seq_fops); + p = proc_create_seq_private("lec", 0444, atm_proc_root, &lec_seq_ops, + sizeof(struct lec_state), NULL); if (!p) { pr_err("Unable to initialize /proc/net/atm/lec\n"); return -ENOMEM; |