3.16.60-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra peterz@infradead.org
commit 354d7793070611b4df5a79fbb0f12752d0ed0cc5 upstream.
kernel/sched/autogroup.c:230 proc_sched_autogroup_set_nice() warn: potential spectre issue 'sched_prio_to_weight'
Userspace controls @nice, sanitize the array index.
Reported-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Peter Zijlstra (Intel) peterz@infradead.org Cc: Linus Torvalds torvalds@linux-foundation.org Cc: Peter Zijlstra peterz@infradead.org Cc: Thomas Gleixner tglx@linutronix.de Signed-off-by: Ingo Molnar mingo@kernel.org [bwh: Backported to 3.16: adjust filename, context] Signed-off-by: Ben Hutchings ben@decadent.org.uk --- kernel/sched/auto_group.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
--- a/kernel/sched/auto_group.c +++ b/kernel/sched/auto_group.c @@ -8,6 +8,7 @@ #include <linux/utsname.h> #include <linux/security.h> #include <linux/export.h> +#include <linux/nospec.h>
unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1; static struct autogroup autogroup_default; @@ -198,7 +199,7 @@ int proc_sched_autogroup_set_nice(struct static unsigned long next = INITIAL_JIFFIES; struct autogroup *ag; unsigned long shares; - int err; + int err, idx;
if (nice < MIN_NICE || nice > MAX_NICE) return -EINVAL; @@ -216,7 +217,9 @@ int proc_sched_autogroup_set_nice(struct
next = HZ / 10 + jiffies; ag = autogroup_task_get(p); - shares = scale_load(prio_to_weight[nice + 20]); + + idx = array_index_nospec(nice + 20, 40); + shares = scale_load(prio_to_weight[idx]);
down_write(&ag->lock); err = sched_group_set_shares(ag->tg, shares);