Unverified Commit 48809693 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!8572 xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() 

Merge Pull Request from: @ci-robot 
 
PR sync from: Ziyang Xuan <william.xuanziyang@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/S4P3Z6JG57K7ICTSRNUTIZNYS3HQKW6B/ 
 
https://gitee.com/src-openeuler/kernel/issues/I9R4LF 
 
Link:https://gitee.com/openeuler/kernel/pulls/8572

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents eb0a4dfd 5170d0fe

net/xfrm/xfrm_compat.c

+2 −0
Original line number Diff line number Diff line
@@ -5,6 +5,7 @@ 
 * Based on code and translator idea by: Florian Westphal <fw@strlen.de>

 */

#include <linux/compat.h>

#include <linux/nospec.h>

#include <linux/xfrm.h>

#include <net/xfrm.h>
@@ -435,6 +436,7 @@ static int xfrm_xlate32_attr(void *dst, const struct nlattr *nla, 
		NL_SET_ERR_MSG(extack, "Bad attribute");

		return -EOPNOTSUPP;

	}

	type = array_index_nospec(type, XFRMA_MAX + 1);

	if (nla_len(nla) < compat_policy[type].len) {

		NL_SET_ERR_MSG(extack, "Attribute bad length");

		return -EOPNOTSUPP;