mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-27 12:57:53 +00:00
prlimit: do_prlimit needs to have a speculation check
commit 7397906057
upstream.
do_prlimit() adds the user-controlled resource value to a pointer that
will subsequently be dereferenced. In order to help prevent this
codepath from being used as a spectre "gadget" a barrier needs to be
added after checking the range.
Reported-by: Jordy Zomer <jordyzomer@google.com>
Tested-by: Jordy Zomer <jordyzomer@google.com>
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
375be2dd61
commit
291a0395bb
1 changed files with 2 additions and 0 deletions
|
@ -1472,6 +1472,8 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
|
||||||
|
|
||||||
if (resource >= RLIM_NLIMITS)
|
if (resource >= RLIM_NLIMITS)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
resource = array_index_nospec(resource, RLIM_NLIMITS);
|
||||||
|
|
||||||
if (new_rlim) {
|
if (new_rlim) {
|
||||||
if (new_rlim->rlim_cur > new_rlim->rlim_max)
|
if (new_rlim->rlim_cur > new_rlim->rlim_max)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
Loading…
Reference in a new issue