Re: [PATCH net] vhost: Fix Spectre V1 vulnerability
From: David Miller
Date: Wed Oct 31 2018 - 15:39:57 EST
From: Jason Wang <jasowang@xxxxxxxxxx>
Date: Tue, 30 Oct 2018 14:10:49 +0800
> The idx in vhost_vring_ioctl() was controlled by userspace, hence a
> potential exploitation of the Spectre variant 1 vulnerability.
>
> Fixing this by sanitizing idx before using it to index d->vqs.
>
> Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
> Cc: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
Applied and queued up for -stable.