Re: [PATCH AUTOSEL 6.1 34/35] prlimit: do_prlimit needs to have a speculation check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Jan 24, 2023 at 08:41:30AM -0500, Sasha Levin wrote:
> From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> 
> [ Upstream commit 739790605705ddcf18f21782b9c99ad7d53a8c11 ]
> 
> do_prlimit() adds the user-controlled resource value to a pointer that
> will subsequently be dereferenced.  In order to help prevent this
> codepath from being used as a spectre "gadget" a barrier needs to be
> added after checking the range.
> 
> Reported-by: Jordy Zomer <jordyzomer@xxxxxxxxxx>
> Tested-by: Jordy Zomer <jordyzomer@xxxxxxxxxx>
> Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> ---
>  kernel/sys.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/kernel/sys.c b/kernel/sys.c
> index 5fd54bf0e886..88b31f096fb2 100644
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -1442,6 +1442,8 @@ static int do_prlimit(struct task_struct *tsk, unsigned int resource,
>  
>  	if (resource >= RLIM_NLIMITS)
>  		return -EINVAL;
> +	resource = array_index_nospec(resource, RLIM_NLIMITS);
> +
>  	if (new_rlim) {
>  		if (new_rlim->rlim_cur > new_rlim->rlim_max)
>  			return -EINVAL;
> -- 
> 2.39.0
> 

This is already in the 6.1.8 release so no need to add it again :)

thanks,

greg k-h
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux