]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 68a2a14) | patch
vhost: Fix Spectre V1 vulnerability
authorJason Wang <jasowang@redhat.com>
Tue, 30 Oct 2018 06:10:49 +0000 (14:10 +0800)
committerStefan Bader <stefan.bader@canonical.com>
Wed, 24 Apr 2019 08:09:10 +0000 (10:09 +0200)
commit983547b755fea8d6f79b357f3c362611819939b9
treea0ed87c2e9d3a164623d2c5d4f7b033c41710233tree
parent68a2a146387f4b1d285961269964dd05745f6dfdcommit | diff
vhost: Fix Spectre V1 vulnerability

The idx in vhost_vring_ioctl() was controlled by userspace, hence a
potential exploitation of the Spectre variant 1 vulnerability.

Fixing this by sanitizing idx before using it to index d->vqs.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
CVE-2017-5753

(cherry picked from commit ff002269a4ee9c769dbf9365acef633ebcbd6cbe)
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
drivers/vhost/vhost.c diff | blob | blame | history
ubuntu-bionic-kernel mirror