mpls, nospec: Sanitize array index in mpls_label_ok() - linux

diff options

author	Dan Williams <dan.j.williams@intel.com>	2018-02-08 07:34:24 +0100
committer	David S. Miller <davem@davemloft.net>	2018-02-08 21:24:12 +0100
commit	3968523f855050b8195134da951b87c20bd66130 (patch)
tree	1bf66a780a1e70748dcbd036281015a1d510c564 /LICENSES
parent	rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and ... (diff)
download	linux-3968523f855050b8195134da951b87c20bd66130.tar.xz linux-3968523f855050b8195134da951b87c20bd66130.zip

mpls, nospec: Sanitize array index in mpls_label_ok()

mpls_label_ok() validates that the 'platform_label' array index from a userspace netlink message payload is valid. Under speculation the mpls_label_ok() result may not resolve in the CPU pipeline until after the index is used to access an array element. Sanitize the index to zero to prevent userspace-controlled arbitrary out-of-bounds speculation, a precursor for a speculative execution side channel vulnerability. Cc: <stable@vger.kernel.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'LICENSES')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: