Gustavo A. R. Silva 50d5258634 net: core: Fix Spectre v1 vulnerability ...

flen is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

net/core/filter.c:1101 bpf_check_classic() warn: potential spectre issue 'filter' [w]

Fix this by sanitizing flen before using it to index filter at line 1101:

	switch (filter[flen - 1].code) {

and through pc at line 1040:

	const struct sock_filter *ftest = &filter[pc];

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

2018-12-22 15:06:17 -08:00

..

datagram.c

net: udp: fix handling of CHECKSUM_COMPLETE packets

2018-10-24 14:18:16 -07:00

dev_addr_lists.c

net: change the comment of dev_mc_init

2018-04-19 12:58:20 -04:00

dev_ioctl.c

net: remove redundant input checks in SIOCSIFTXQLEN case of dev_ifsioc

2018-07-24 11:36:15 -07:00

dev.c

net: use skb_list_del_init() to remove from RX sublists

2018-12-05 16:22:05 -08:00

devlink.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2018-10-12 21:38:46 -07:00

drop_monitor.c

treewide: setup_timer() -> timer_setup()

2017-11-21 15:57:07 -08:00

dst_cache.c

net: core: dst_cache_set_ip6: Rename 'addr' parameter to 'saddr' for consistency

2018-03-05 12:52:45 -05:00

dst.c

netfilter: nf_tables: add tunnel support

2018-08-03 21:12:12 +02:00

ethtool.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2018-10-19 11:03:06 -07:00

failover.c

net: Introduce generic failover module

2018-05-28 22:59:54 -04:00

fib_notifier.c

net: Fix fib notifer to return errno

2018-03-29 14:10:30 -04:00

fib_rules.c

net/fib_rules: Update fib_nl_dumprule for strict data checking

2018-10-08 10:39:05 -07:00

filter.c

net: core: Fix Spectre v1 vulnerability

2018-12-22 15:06:17 -08:00

flow_dissector.c

net/flow_dissector: correctly cap nhoff and thoff in case of BPF

2018-12-07 13:38:29 -08:00

gen_estimator.c

net: core: protect rate estimator statistics pointer with lock

2018-08-11 12:37:10 -07:00

gen_stats.c

net/core: make function ___gnet_stats_copy_basic() static

2018-09-28 10:25:11 -07:00

gro_cells.c

gro_cell: add napi_disable in gro_cells_destroy

2018-12-19 15:50:02 -08:00

hwbm.c

net: hwbm: Fix unbalanced spinlock in error case

2016-05-25 12:35:09 -07:00

link_watch.c

net: linkwatch: add check for netdevice being present to linkwatch_do_dev

2018-09-19 21:06:46 -07:00

lwt_bpf.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

2018-08-07 11:02:05 -07:00

lwtunnel.c

ipv6: sr: define core operations for seg6local lightweight tunnel

2017-08-07 14:16:22 -07:00

Makefile

bpf, sockmap: convert to generic sk_msg interface

2018-10-15 12:23:19 -07:00

neighbour.c

neighbor: NTF_PROXY is a valid ndm_flag for a dump request

2018-12-19 17:30:47 -08:00

net_namespace.c

net/namespace: Update rtnl_net_dumpid for strict data checking

2018-10-08 10:39:05 -07:00

net-procfs.c

proc: introduce proc_create_net{,_data}

2018-05-16 07:24:30 +02:00

net-sysfs.c

net: allow to call netif_reset_xps_queues() under cpus_read_lock

2018-08-09 14:25:06 -07:00

net-sysfs.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

net-traces.c

net/ipv6: Udate fib6_table_lookup tracepoint

2018-05-24 23:01:15 -04:00

netclassid_cgroup.c

cgroup, netclassid: add a preemption point to write_classid

2018-10-23 12:58:17 -07:00

netevent.c

netevent: remove automatic variable in register_netevent_notifier()

2015-05-31 00:03:21 -07:00

netpoll.c

net: core: netpoll: Enable netconsole IPv6 link local address

2018-11-05 17:07:10 -08:00

netprio_cgroup.c

net: remove duplicate includes

2017-12-13 13:18:46 -05:00

page_pool.c

net/page_pool: Fix inconsistent lock state warning

2018-07-19 23:23:01 -07:00

pktgen.c

pktgen: Fix fall-through annotation

2018-09-13 15:36:41 -07:00

ptp_classifier.c

ptp: Change ptp_class to a proper bitmask

2015-11-03 11:08:22 -05:00

request_sock.c

ipv4: Namespaceify tcp_max_syn_backlog knob

2016-12-29 11:38:31 -05:00

rtnetlink.c

rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices

2018-12-04 20:28:22 -08:00

scm.c

sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h>

2017-03-02 08:42:29 +01:00

secure_seq.c

infiniband: i40iw, nes: don't use wall time for TCP sequence numbers

2018-07-11 12:10:19 -06:00

skbuff.c

net: skb_scrub_packet(): Scrub offload_fwd_mark

2018-11-21 15:38:52 -08:00

skmsg.c

Prevent overflow of sk_msg in sk_msg_clone()

2018-12-21 09:12:49 -08:00

sock_diag.c

net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()

2018-08-14 10:01:24 -07:00

sock_map.c

bpf: skmsg, fix psock create on existing kcm/tls port

2018-10-20 00:40:45 +02:00

sock_reuseport.c

bpf: Enable BPF_PROG_TYPE_SK_REUSEPORT bpf prog in reuseport selection

2018-08-11 01:58:46 +02:00

sock.c

sock_diag: fix autoloading of the raw_diag module

2018-11-05 17:09:19 -08:00

stream.c

vfs: do bulk POLL* -> EPOLL* replacement

2018-02-11 14:34:03 -08:00

sysctl_net_core.c

bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K

2018-12-11 19:12:21 -08:00

timestamping.c

net: skb_defer_rx_timestamp should check for phydev before setting up classify

2015-07-09 14:17:15 -07:00

tso.c

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

utils.c

net: Remove some unneeded semicolon

2018-08-04 13:05:39 -07:00

xdp.c

xdp: remove redundant variable 'headroom'

2018-09-01 01:35:53 +02:00