From: David Miller
Subject: Re: [PATCH] netlink: Fix spectre v1 gadget in netlink_create()
Date: Wed, 01 Aug 2018 09:51:35 -0700 (PDT)
Message-ID: <20180801.095135.79911181296177212.davem@davemloft.net>
References: <20180731211316.12971-1-jcline@redhat.com>
In-Reply-To: <20180731211316.12971-1-jcline@redhat.com>
To: jcline@redhat.com
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, jpoimboe@redhat.com

From: Jeremy Cline
Date: Tue, 31 Jul 2018 21:13:16 +0000

> 'protocol' is a user-controlled value, so sanitize it after the bounds
> check to avoid using it for speculative out-of-bounds access to arrays
> indexed by it.
>
> This addresses the following accesses detected with the help of smatch:
>
> * net/netlink/af_netlink.c:654 __netlink_create() warn: potential
>   spectre issue 'nlk_cb_mutex_keys' [w]
>
> * net/netlink/af_netlink.c:654 __netlink_create() warn: potential
>   spectre issue 'nlk_cb_mutex_key_strings' [w]
>
> * net/netlink/af_netlink.c:685 netlink_create() warn: potential spectre
>   issue 'nl_table' [w] (local cap)
>
> Cc: Josh Poimboeuf
> Signed-off-by: Jeremy Cline

Applied and queued up for -stable, thanks.
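
The sanitize-after-bounds-check pattern described in the quoted commit message, as an added userspace sketch in C (not the patch or any kernel code from this thread). The mask arithmetic follows the generic fallback of the kernel's array_index_nospec() helper; the value of MAX_LINKS, the `table` contents and `lookup_protocol()` are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

#define MAX_LINKS 32	/* assumed table size for this sketch */

/* Constructed stand-in for an array indexed by the protocol number. */
static const char *table[MAX_LINKS] = { [0] = "ROUTE", [15] = "KOBJECT_UEVENT" };

/*
 * Branch-free mask: all ones when index < size, zero otherwise.
 * Valid for size <= LONG_MAX; relies on arithmetic right shift of a
 * signed long, as gcc and clang implement it.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	/* Stop the compiler from turning the arithmetic back into a branch. */
	__asm__ volatile("" : "+r"(index));
	return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * CHAR_BIT - 1);
}

/* Model of the lookup: architectural bounds check, then clamp before use. */
static int lookup_protocol(int protocol, const char **name)
{
	unsigned long idx;

	if (protocol < 0 || protocol >= MAX_LINKS)
		return -EPROTONOSUPPORT;

	/*
	 * If the branch above is mispredicted, the data dependency on the
	 * mask forces idx to 0, so the load below stays inside the array.
	 */
	idx = (unsigned long)protocol;
	idx &= index_mask_nospec(idx, MAX_LINKS);

	*name = table[idx];
	return 0;
}

int main(void)
{
	const char *name = NULL;

	if (lookup_protocol(15, &name) == 0)
		printf("protocol 15 -> %s\n", name);
	printf("protocol 32 -> %d\n", lookup_protocol(32, &name));
	return 0;
}
```

The bounds check alone is enough architecturally; the mask matters only on the speculative path, which is why it is applied after the check rather than instead of it.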