diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-02-04 14:45:55 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-02-04 14:45:55 -0500 |
| commit | 35277995e17919ab838beae765f440674e8576eb (patch) | |
| tree | e35b60bb3c0c179f147e9acaad5444f1e5d9117e /net | |
| parent | 0a646e9c992e4846665dc995c86f30c599cda64c (diff) | |
| parent | b2ac58f90540e39324e7a29a7ad471407ae0bf48 (diff) | |
Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull spectre/meltdown updates from Thomas Gleixner:
"The next round of updates related to melted spectrum:
- The initial set of spectre V1 mitigations:
- Array index speculation blocker and its usage for syscall,
fdtable and the n180211 driver.
- Speculation barrier and its usage in user access functions
- Make indirect calls in KVM speculation safe
- Blacklisting of known to be broken microcodes so IPBP/IBSR are not
touched.
- The initial IBPB support and its usage in context switch
- The exposure of the new speculation MSRs to KVM guests.
- A fix for a regression in x86/32 related to the cpu entry area
- Proper whitelisting for known to be safe CPUs from the mitigations.
- objtool fixes to deal proper with retpolines and alternatives
- Exclude __init functions from retpolines which speeds up the boot
process.
- Removal of the syscall64 fast path and related cleanups and
simplifications
- Removal of the unpatched paravirt mode which is yet another source
of indirect unproteced calls.
- A new and undisputed version of the module mismatch warning
- A couple of cleanup and correctness fixes all over the place
Yet another step towards full mitigation. There are a few things still
missing like the RBS underflow mitigation for Skylake and other small
details, but that's being worked on.
That said, I'm taking a belated christmas vacation for a week and hope
that everything is magically solved when I'm back on Feb 12th"
* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (37 commits)
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
KVM/x86: Add IBPB support
KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
x86/pti: Mark constant arrays as __initconst
x86/spectre: Simplify spectre_v2 command line parsing
x86/retpoline: Avoid retpolines for built-in __init functions
x86/kvm: Update spectre-v1 mitigation
KVM: VMX: make MSR bitmaps per-VCPU
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
x86/speculation: Use Indirect Branch Prediction Barrier in context switch
x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/spectre: Report get_user mitigation for spectre_v1
nl80211: Sanitize array index in parse_txq_params
vfs, fdtable: Prevent bounds-check bypass via speculative execution
x86/syscall: Sanitize syscall table de-references under speculation
x86/get_user: Use pointer masking to limit speculation
...
Diffstat (limited to 'net')
| -rw-r--r-- | net/wireless/nl80211.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index ab0c687d0c44..9c0dcc8324b0 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -16,6 +16,7 @@ | |||
| 16 | #include <linux/nl80211.h> | 16 | #include <linux/nl80211.h> |
| 17 | #include <linux/rtnetlink.h> | 17 | #include <linux/rtnetlink.h> |
| 18 | #include <linux/netlink.h> | 18 | #include <linux/netlink.h> |
| 19 | #include <linux/nospec.h> | ||
| 19 | #include <linux/etherdevice.h> | 20 | #include <linux/etherdevice.h> |
| 20 | #include <net/net_namespace.h> | 21 | #include <net/net_namespace.h> |
| 21 | #include <net/genetlink.h> | 22 | #include <net/genetlink.h> |
| @@ -2080,20 +2081,22 @@ static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { | |||
| 2080 | static int parse_txq_params(struct nlattr *tb[], | 2081 | static int parse_txq_params(struct nlattr *tb[], |
| 2081 | struct ieee80211_txq_params *txq_params) | 2082 | struct ieee80211_txq_params *txq_params) |
| 2082 | { | 2083 | { |
| 2084 | u8 ac; | ||
| 2085 | |||
| 2083 | if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || | 2086 | if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || |
| 2084 | !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || | 2087 | !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || |
| 2085 | !tb[NL80211_TXQ_ATTR_AIFS]) | 2088 | !tb[NL80211_TXQ_ATTR_AIFS]) |
| 2086 | return -EINVAL; | 2089 | return -EINVAL; |
| 2087 | 2090 | ||
| 2088 | txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); | 2091 | ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); |
| 2089 | txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); | 2092 | txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); |
| 2090 | txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); | 2093 | txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); |
| 2091 | txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); | 2094 | txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); |
| 2092 | txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); | 2095 | txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); |
| 2093 | 2096 | ||
| 2094 | if (txq_params->ac >= NL80211_NUM_ACS) | 2097 | if (ac >= NL80211_NUM_ACS) |
| 2095 | return -EINVAL; | 2098 | return -EINVAL; |
| 2096 | 2099 | txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS); | |
| 2097 | return 0; | 2100 | return 0; |
| 2098 | } | 2101 | } |
| 2099 | 2102 | ||