diff options
| author | Jeremy Cline <jcline@redhat.com> | 2018-07-27 22:43:02 +0000 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-08-06 16:18:20 +0200 |
| commit | 82d0d07a25ebdfebaa2aa3fe713ea6311f5b8669 (patch) | |
| tree | 5c2ea7d9189c62f41353d8495dabd4c5bdf14d72 | |
| parent | baaa0eb84e9a6ffba110a9c9d49c216a9fc66bb1 (diff) | |
net: socket: Fix potential spectre v1 gadget in sock_is_registered
commit e978de7a6d382ec378830ca2cf38e902df0b6d84 upstream.
'family' can be a user-controlled value, so sanitize it after the bounds
check to avoid speculative out-of-bounds access.
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | net/socket.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/socket.c b/net/socket.c index 0316b380389e..6a6aa84b64c1 100644 --- a/net/socket.c +++ b/net/socket.c @@ -2694,7 +2694,8 @@ EXPORT_SYMBOL(sock_unregister); bool sock_is_registered(int family) { - return family < NPROTO && rcu_access_pointer(net_families[family]); + return family < NPROTO && + rcu_access_pointer(net_families[array_index_nospec(family, NPROTO)]); } static int __init sock_init(void) |