mirror of
https://github.com/torvalds/linux.git
synced 2024-12-11 21:52:04 +00:00
2fbd7af5af
The syscall table base is a user controlled function pointer in kernel space. Use array_index_nospec() to prevent any out of bounds speculation. While retpoline prevents speculating into a userspace directed target it does not stop the pointer de-reference, the concern is leaking memory relative to the syscall table base, by observing instruction cache behavior. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arch@vger.kernel.org Cc: kernel-hardening@lists.openwall.com Cc: gregkh@linuxfoundation.org Cc: Andy Lutomirski <luto@kernel.org> Cc: alan@linux.intel.com Link: https://lkml.kernel.org/r/151727417984.33451.1216731042505722161.stgit@dwillia2-desk3.amr.corp.intel.com |
||
|---|---|---|
| .. | ||
| syscalls | ||
| vdso | ||
| vsyscall | ||
| calling.h | ||
| common.c | ||
| entry_32.S | ||
| entry_64_compat.S | ||
| entry_64.S | ||
| Makefile | ||
| syscall_32.c | ||
| syscall_64.c | ||
| thunk_32.S | ||
| thunk_64.S | ||