On 2/23/23 2:04 PM, Greg Kroah-Hartman wrote:
From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 upstream.
The results of "access_ok()" can be mis-speculated. The result is that
you can end speculatively:
if (access_ok(from, size))
// Right here
even for bad from/size combinations. On first glance, it would be ideal
to just add a speculation barrier to "access_ok()" so that its results
can never be mis-speculated.
Keep in mind this also needs commit f3dd0c53370e ("bpf: add missing header file include")
as follow-up everywhere you queue this one.
Thanks,
Daniel
