From: Jeremy Cline jcline@redhat.com
Date: Mon, 13 Aug 2018 22:23:13 +0000
req->sdiag_family is a user-controlled value that's used as an array index. Sanitize it after the bounds check to avoid speculative out-of-bounds array access.
This also protects the sock_is_registered() call, so this removes the sanitize call there.
Fixes: e978de7a6d38 ("net: socket: Fix potential spectre v1 gadget in sock_is_registered")
Cc: Josh Poimboeuf jpoimboe@redhat.com
Cc: konrad.wilk@oracle.com
Cc: jamie.iles@oracle.com
Cc: liran.alon@oracle.com
Cc: stable@vger.kernel.org
Signed-off-by: Jeremy Cline jcline@redhat.com
Since commit e978de7a6d38 didn't apply cleanly to v4.14, this won't either since it reverts that change. To apply cleanly there, the change to sock_is_registered() needs to be dropped.
Applied, thank you.
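The pattern the commit message describes (bounds check first, then clamp the index so a mispredicted branch cannot read out of bounds) is sketched below in user-space C. This is an added example, not code from the patch or the kernel tree; `demo_index_mask()`, `demo_sanitize()`, `demo_lookup()`, `DEMO_AF_MAX` and the handler table are hypothetical names and constructed data, with the mask modelled on the kernel's generic `array_index_mask_nospec()`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define DEMO_AF_MAX 46UL /* constructed table size, not the kernel's AF_MAX */
#define DEMO_LONG_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Constructed per-family table standing in for an array indexed by a
 * user-controlled value such as req->sdiag_family. */
static const char *demo_handlers[DEMO_AF_MAX] = { [2] = "inet", [10] = "inet6" };

/* Returns all-ones when index < size and zero otherwise, using only
 * arithmetic so there is no branch to mispredict. Requires size <= LONG_MAX.
 * If index >= size, either index or (size - 1 - index) has its top bit set.
 * A production version must also stop the compiler from turning this back
 * into a conditional branch. */
static unsigned long demo_index_mask(unsigned long index, unsigned long size)
{
    unsigned long in_range = ~(index | (size - 1UL - index)) >> (DEMO_LONG_BITS - 1);

    return 0UL - in_range; /* 1 -> 0xff..ff, 0 -> 0 */
}

/* Clamp: in-range values pass through, anything else becomes 0. */
static unsigned long demo_sanitize(unsigned long index, unsigned long size)
{
    return index & demo_index_mask(index, size);
}

/* Bounds check first, then sanitize, then use the index. The sanitized
 * value is the one every later array access must use. */
static const char *demo_lookup(unsigned long family)
{
    if (family >= DEMO_AF_MAX)
        return NULL;
    family = demo_sanitize(family, DEMO_AF_MAX);
    return demo_handlers[family];
}

int main(void)
{
    const unsigned long samples[] = { 2, 10, 45, 46, ULONG_MAX }; /* constructed */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *h = demo_lookup(samples[i]);
        printf("family %lu -> clamped %lu, handler %s\n", samples[i],
               demo_sanitize(samples[i], DEMO_AF_MAX), h ? h : "(none)");
    }
    return 0;
}
```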