Dan Williams 93f3aff1d9 mpls, nospec: Sanitize array index in mpls_label_ok() ... commit 3968523f85 upstream. mpls_label_ok() validates that the 'platform_label' array index from a userspace netlink message payload is valid. Under speculation the mpls_label_ok() result may not resolve in the CPU pipeline until after the index is used to access an array element. Sanitize the index to zero to prevent userspace-controlled arbitrary out-of-bounds speculation, a precursor for a speculative execution side channel vulnerability. Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> [bwh: Backported to 4.4: - mpls_label_ok() doesn't take an extack parameter - Drop change in mpls_getroute()] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2018-03-11 16:21:34 +01:00
..
Kconfig	mpls: ip tunnel support	2015-07-21 10:39:05 -07:00
Makefile	mpls: ip tunnel support	2015-07-21 10:39:05 -07:00
af_mpls.c	mpls, nospec: Sanitize array index in mpls_label_ok()	2018-03-11 16:21:34 +01:00
internal.h	mpls: move mpls_hdr to a common location	2016-10-03 02:00:21 -04:00
mpls_gso.c	net: mpls: Fixups for GSO	2016-08-30 22:27:18 -07:00
mpls_iptunnel.c	net: Specify the owning module for lwtunnel ops	2017-02-04 09:47:11 +01:00