Re: [Linux-stable-mirror] [PATCH] mpls, nospec: Sanitize array index in mpls_label_ok()

8 Feb 2018


      From: Dan Williams dan.j.williams@intel.com
Date: Wed, 07 Feb 2018 22:34:24 -0800
...
mpls_label_ok() validates that the 'platform_label' array index from a
userspace netlink message payload is valid. Under speculation the
mpls_label_ok() result may not resolve in the CPU pipeline until after
the index is used to access an array element. Sanitize the index to zero
to prevent userspace-controlled arbitrary out-of-bounds speculation, a
precursor for a speculative execution side channel vulnerability.
Cc: stable@vger.kernel.org
Cc: "David S. Miller" davem@davemloft.net
Cc: Eric W. Biederman ebiederm@xmission.com
Signed-off-by: Dan Williams dan.j.williams@intel.com
Applied, thank you.

2024

2023

2022

2021

2020

2019

2018

2017

Re: [Linux-stable-mirror] [PATCH] mpls, nospec: Sanitize array index in mpls_label_ok()