Jason Wang b522f279f9 vhost: Fix Spectre V1 vulnerability ...

[ Upstream commit ff002269a4 ]

The idx in vhost_vring_ioctl() was controlled by userspace, hence a
potential exploitation of the Spectre variant 1 vulnerability.

Fixing this by sanitizing idx before using it to index d->vqs.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2018-11-04 14:52:49 +01:00

..

Kconfig

tap: tap as an independent module

2017-02-11 20:59:41 -05:00

Kconfig.vringh

vhost: split out vringh Kconfig

2016-08-02 16:54:28 +03:00

Makefile

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

net.c

vhost_net: validate sock before trying to put its fd

2018-07-22 14:28:47 +02:00

scsi.c

fix a page leak in vhost_scsi_iov_to_sgl() error recovery

2017-11-30 08:40:49 +00:00

test.c

Merge 4.8-rc5 into char-misc-next

2016-09-05 08:04:07 +02:00

test.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

vhost.c

vhost: Fix Spectre V1 vulnerability

2018-11-04 14:52:49 +01:00

vhost.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

vringh.c

vringh: kill off ACCESS_ONCE()

2016-12-16 00:13:36 +02:00

vsock.c

mm, tree wide: replace __GFP_REPEAT by __GFP_RETRY_MAYFAIL with more useful semantic

2017-07-12 16:26:03 -07:00