qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

prlimit: do_prlimit needs to have a speculation check 

Bugzilla: https://bugzilla.redhat.com/2196316
CVE: CVE-2023-0458
Upstream Status: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=739790605705ddcf18f21782b9c99ad7d53a8c11

commit 739790605705ddcf18f21782b9c99ad7d53a8c11
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date:   Fri Jan 20 11:03:20 2023 +0100

    prlimit: do_prlimit needs to have a speculation check

    do_prlimit() adds the user-controlled resource value to a pointer that
    will subsequently be dereferenced.  In order to help prevent this
    codepath from being used as a spectre "gadget" a barrier needs to be
    added after checking the range.

    Reported-by: Jordy Zomer <jordyzomer@google.com>
    Tested-by: Jordy Zomer <jordyzomer@google.com>
    Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Alex Gladkov <agladkov@redhat.com>
This commit is contained in:
Alex Gladkov 2023-05-09 13:46:37 +02:00
parent abed289ed3
commit 004ada6a63
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/sys.c
View File

@ -1439,6 +1439,8 @@ static int do_prlimit(struct task_struct *tsk, unsigned int resource,
if (resource >= RLIM_NLIMITS)
return -EINVAL;
resource = array_index_nospec(resource, RLIM_NLIMITS);
if (new_rlim) {
if (new_rlim->rlim_cur > new_rlim->rlim_max)
return -EINVAL;