sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]

commit 7281c8dec8a87685cb54d503d8cceef5a0fc2fdd upstream. > kernel/sched/core.c:6921 cpu_weight_nice_write_s64() warn: potential spectre issue 'sched_prio_to_weight' Userspace controls @nice, so sanitize the value before using it to index an array. Change-Id: I0e59bc7ecbaf2367e59391c8955e2c246aeeb946 Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> [bwh: Backported to 3.16: Vulnerable array lookup is in set_load_weight()] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2018-04-20 14:29:51 +02:00 · 2018-04-20 14:29:51 +02:00 · 9f2bb2d35f
parent 8fec935545
commit 9f2bb2d35f
1 changed files with 3 additions and 0 deletions
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@ -90,6 +90,7 @@
 #include <linux/sec_class.h>
 #include <linux/sched/rt.h>
 #include <linux/cpumask.h>
+#include <linux/nospec.h>

 #include <asm/switch_to.h>
 #include <asm/tlb.h>
@ -994,6 +995,8 @@ static void set_load_weight(struct task_struct *p)
 		return;
 	}

+	prio = array_index_nospec(prio, 40);
+
 	load->weight = scale_load(prio_to_weight[prio]);
 	load->inv_weight = prio_to_wmult[prio];
 }