| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <02622e60-8ce9-8db3-8d16-fa1a32e063bf@embeddedor.com>
Date: Mon, 20 May 2019 09:15:50 -0500
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Pavel Machek <pavel@...x.de>, stable@...nel.org,
kernel list <linux-kernel@...r.kernel.org>,
davem@...emloft.net, gregkh@...uxfoundation.org
Subject: Re: net: atm: Spectre v1 fix introduced bug in bcb964012d1b in
-stable
On 5/20/19 7:40 AM, Pavel Machek wrote:
>
> In lecd_attach, if arg is < 0, it was treated as 0. Spectre v1 fix
> changed that. Bug does not exist in mainline AFAICT.
>
NACK
array_index_nospec() macro returns zero if *arg* is out of bounds.
In any case, if the "bug" does not exist in mainline, what should be
done is to port the code that fixed it in mainline to old kernels,
not randomly add a "fix" here and there because that means we are
breaking backward compatibility.
--
Gustavo
> Signed-off-by: Pavel Machek <pavel@...x.de>
> # for 4.19.y
>
> diff --git a/net/atm/lec.c b/net/atm/lec.c
> index ad4f829193f0..ed279cd912f4 100644
> --- a/net/atm/lec.c
> +++ b/net/atm/lec.c
> @@ -731,7 +731,7 @@ static int lecd_attach(struct atm_vcc *vcc, int arg)
> i = arg;
> if (arg >= MAX_LEC_ITF)
> return -EINVAL;
> - i = array_index_nospec(arg, MAX_LEC_ITF);
> + i = array_index_nospec(i, MAX_LEC_ITF);
> if (!dev_lec[i]) {
> int size;
>
>
Powered by blists - more mailing lists