Date: Tue, 14 Aug 2018 10:05:03 -0700 (PDT)
Message-Id: <20180814.100503.1519932338963499861.davem@davemloft.net>
To: jcline@redhat.com
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, jpoimboe@redhat.com, konrad.wilk@oracle.com, jamie.iles@oracle.com, liran.alon@oracle.com, stable@vger.kernel.org
Subject: Re: [PATCH] net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
From: David Miller
In-Reply-To: <20180813222313.3510-1-jcline@redhat.com>
References: <20180813222313.3510-1-jcline@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jeremy Cline
Date: Mon, 13 Aug 2018 22:23:13 +0000

> req->sdiag_family is a user-controlled value that's used as an array
> index. Sanitize it after the bounds check to avoid speculative
> out-of-bounds array access.
>
> This also protects the sock_is_registered() call, so this removes the
> sanitize call there.
>
> Fixes: e978de7a6d38 ("net: socket: Fix potential spectre v1 gadget in sock_is_registered")
> Cc: Josh Poimboeuf
> Cc: konrad.wilk@oracle.com
> Cc: jamie.iles@oracle.com
> Cc: liran.alon@oracle.com
> Cc: stable@vger.kernel.org
> Signed-off-by: Jeremy Cline
> ---
>
> Since commit e978de7a6d38 didn't apply cleanly to v4.14, this won't
> either since it reverts that change. To apply cleanly there, the change
> to sock_is_registered() needs to be dropped.

Applied, thank you.
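
The "sanitize after the bounds check" pattern from the quoted commit message, as an added userspace C model that is not part of this thread or of the kernel patch. FAMILY_MAX, the handlers table and all function names are hypothetical stand-ins; the value 46 is constructed and is not taken from the kernel.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define FAMILY_MAX 46UL /* constructed bound standing in for AF_MAX */
#define LONG_BITS (sizeof(long) * CHAR_BIT)

/* Constructed table: slot i holds i + 100 so lookups are checkable. */
static int handlers[FAMILY_MAX];

static void init_handlers(void)
{
    for (size_t i = 0; i < FAMILY_MAX; i++)
        handlers[i] = (int)i + 100;
}

/*
 * All ones when index < size, zero otherwise, computed without a branch.
 * Assumes size <= LONG_MAX and an arithmetic right shift of negative
 * longs (gcc and clang behaviour).
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >> (LONG_BITS - 1));
}

/* Force an out-of-range index to 0; leave an in-range index unchanged. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Hypothetical lookup following the order the commit message describes. */
static int lookup_handler(unsigned long family)
{
    if (family >= FAMILY_MAX) /* architectural bounds check */
        return -EINVAL;
    /* Sanitize after the check so a mispredicted branch still indexes in range. */
    family = index_nospec(family, FAMILY_MAX);
    return handlers[family];
}

int main(void)
{
    init_handlers();
    printf("%d %d\n", lookup_handler(2), lookup_handler(FAMILY_MAX));
    return 0;
}
```

Kernel code should call array_index_nospec() from <linux/nospec.h>, which has per-architecture implementations, rather than open-coding the mask as this model does.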