3.16.60-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <pet...@infradead.org>
commit 7281c8dec8a87685cb54d503d8cceef5a0fc2fdd upstream.
> kernel/sched/core.c:6921 cpu_weight_nice_write_s64() warn: potential spectre
> issue 'sched_prio_to_weight'
Userspace controls @nice, so sanitize the value before using it to
index an array.
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Mike Galbraith <efa...@gmx.de>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mi...@kernel.org>
[bwh: Backported to 3.16: Vulnerable array lookup is in set_load_weight()]
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
---
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -74,6 +74,7 @@
#include <linux/binfmts.h>
#include <linux/context_tracking.h>
#include <linux/compiler.h>
+#include <linux/nospec.h>
#include <asm/switch_to.h>
#include <asm/tlb.h>
@@ -820,6 +821,8 @@ static void set_load_weight(struct task_
return;
}
+ prio = array_index_nospec(prio, 40);
+
load->weight = scale_load(prio_to_weight[prio]);
load->inv_weight = prio_to_wmult[prio];
}
