Commit d0336c0e authored by Eric Dumazet's avatar Eric Dumazet Committed by sanglipeng
Browse files

ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() 

stable inclusion
from stable-v5.10.166
commit 34c6142f0df9cd75cba5a7aa9df0960d2854b415
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I87FRA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=34c6142f0df9cd75cba5a7aa9df0960d2854b415



--------------------------------

[ Upstream commit 1d1d63b6 ]

if (!type)
		continue;
	if (type > RTAX_MAX)
		return -EINVAL;
	...
	metrics[type - 1] = val;

@type being used as an array index, we need to prevent
cpu speculation or risk leaking kernel memory content.

Fixes: 6cf9dfd3 ("net: fib: move metrics parsing to a helper")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230120133040.3623463-1-edumazet@google.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
parent becd72df
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment