userns: prevent speculative execution

CVE-2017-5753
CVE-2017-5715

Real commit text tbd

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 4eacf186f5bc0aade02389521b5d6429e4dba03a..684cc69d431c92cf22c4dd68e0ba61674af2cf0a 100644 (file)
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -549,8 +549,10 @@ static void *m_start(struct seq_file *seq, loff_t *ppos,
        struct uid_gid_extent *extent = NULL;
        loff_t pos = *ppos;
 
-       if (pos < map->nr_extents)
+       if (pos < map->nr_extents) {
+               gmb();
                extent = &map->extent[pos];
+       }
 
        return extent;
 }