userns: prevent speculative execution

[mirror_ubuntu-artful-kernel.git] / kernel / user_namespace.c

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 2f735cbe05e8aca3b8ee8a3dcc7de493f9757c05..da3fefe632e2327ac3e3460a359a5fd1edb96cda 100644 (file)
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -24,6 +24,12 @@
 #include <linux/projid.h>
 #include <linux/fs_struct.h>
 
+/*
+ * sysctl determining whether unprivileged users may unshare a new
+ * userns.  Allowed by default
+ */
+int unprivileged_userns_clone = 1;
+
 static struct kmem_cache *user_ns_cachep __read_mostly;
 static DEFINE_MUTEX(userns_state_mutex);
 
@@ -543,8 +549,10 @@ static void *m_start(struct seq_file *seq, loff_t *ppos,
        struct uid_gid_extent *extent = NULL;
        loff_t pos = *ppos;
 
-       if (pos < map->nr_extents)
+       if (pos < map->nr_extents) {
+               osb();
                extent = &map->extent[pos];
+       }
 
        return extent;
 }
@@ -998,6 +1006,7 @@ bool current_in_userns(const struct user_namespace *target_ns)
        }
        return false;
 }
+EXPORT_SYMBOL(current_in_userns);
 
 static inline struct user_namespace *to_user_ns(struct ns_common *ns)
 {