mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-16 17:23:55 +08:00

vt_ioctl: fix potential spectre v1 in VT_DISALLOCATE

In VT_ACTIVATE an almost identical code path has been patched
with array_index_nospec. In the VT_DISALLOCATE path, the arg is
the user input from a system call argument and lately used as an index
for vc_cons[index].d access, which can be reached through path like
vt_disallocate->vc_busy or vt_disallocate->vc_deallocate.
For consistency both code paths should have the same mitigations
applied. Also, the code style is adjusted as suggested by Jiri.

Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220314122921.31223-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Xiaomeng Tong 2022-03-14 20:29:21 +08:00 committed by Greg Kroah-Hartman
parent f58c252e30
commit b31c41339f

@ -898,11 +898,13 @@ int vt_ioctl(struct tty_struct *tty,
if (arg > MAX_NR_CONSOLES) if (arg > MAX_NR_CONSOLES)
return -ENXIO; return -ENXIO;
if (arg == 0) if (arg == 0) {
vt_disallocate_all(); vt_disallocate_all();
else
return vt_disallocate(--arg);
break; break;
}
arg = array_index_nospec(arg - 1, MAX_NR_CONSOLES);
return vt_disallocate(arg);
case VT_RESIZE: case VT_RESIZE:
{ {
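Review bot: The new line `arg = array_index_nospec(arg - 1, MAX_NR_CONSOLES);` has no comment explaining the 1-based to 0-based conversion it now performs in place of the old `--arg`, and a short one would help. The bound passed to the clamp is only right because the subtraction happens inside the call: user values 1..MAX_NR_CONSOLES pass the `arg > MAX_NR_CONSOLES` check and become indices 0..MAX_NR_CONSOLES-1. It also relies on the `arg == 0` branch leaving through `break` before this line is reached, which is why that branch gained braces. A one-line comment such as "arg is 1-based here; clamp the 0-based index under speculation" would keep a later cleanup from moving the `- 1` out of the call or changing the size argument. The commit message says VT_ACTIVATE has the same mitigation, but that code is not in this hunk, so it is worth confirming that the two paths use the same index expression and bound.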