sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
commit 7281c8dec8a87685cb54d503d8cceef5a0fc2fdd upstream. > kernel/sched/core.c:6921 cpu_weight_nice_write_s64() warn: potential spectre issue 'sched_prio_to_weight' Userspace controls @nice, so sanitize the value before using it to index an array. Change-Id: I0e59bc7ecbaf2367e59391c8955e2c246aeeb946 Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> [bwh: Backported to 3.16: Vulnerable array lookup is in set_load_weight()] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
This commit is contained in:
parent
8fec935545
commit
9f2bb2d35f
|
@ -90,6 +90,7 @@
|
|||
#include <linux/sec_class.h>
|
||||
#include <linux/sched/rt.h>
|
||||
#include <linux/cpumask.h>
|
||||
#include <linux/nospec.h>
|
||||
|
||||
#include <asm/switch_to.h>
|
||||
#include <asm/tlb.h>
|
||||
|
@ -994,6 +995,8 @@ static void set_load_weight(struct task_struct *p)
|
|||
return;
|
||||
}
|
||||
|
||||
prio = array_index_nospec(prio, 40);
|
||||
|
||||
load->weight = scale_load(prio_to_weight[prio]);
|
||||
load->inv_weight = prio_to_wmult[prio];
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue