Re: [PATCH v2] fs: fix possible Spectre V1 indexing in __close_fd()

2018-12-24 Thread Matthew Wilcox
On Mon, Dec 24, 2018 at 06:26:42AM -0800, Greg Hackmann wrote:
> +++ b/fs/file.c > @@ -18,6 +18,7 @@ > #include > #include > #include > +#include > > unsigned int sysctl_nr_open __read_mostly = 1024*1024; > unsigned int sysctl_nr_open_min = BITS_PER_LONG; > @@ -626,6 +627,7 @@ int __clos

[PATCH v2] fs: fix possible Spectre V1 indexing in __close_fd()

2018-12-24 Thread Greg Hackmann
Omer Tripp's analysis of a Spectre V1 gadget in __close_fd():

"1. __close_fd() is reachable via the close() syscall with a user-controlled fd.
2. If said bounds check is mispredicted, then a user-controlled address fdt->fd[fd] is obtained then dereferenced, and the value of a us