Commit 0c965d27 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman Committed by Huacai Chen
Browse files

LoongArch: Add spectre boundry for syscall dispatch table 



The LoongArch syscall number is directly controlled by userspace, but
does not have a array_index_nospec() boundry to prevent access past the
syscall function pointer tables.

Cc: stable@vger.kernel.org
Assisted-by: gkh_clanker_2000
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarHuacai Chen <chenhuacai@loongson.cn>
parent 37e57e8a

arch/loongarch/kernel/syscall.c

+2 −1
Original line number Diff line number Diff line
@@ -9,6 +9,7 @@ 
#include <linux/entry-common.h>

#include <linux/errno.h>

#include <linux/linkage.h>

#include <linux/nospec.h>

#include <linux/objtool.h>

#include <linux/randomize_kstack.h>

#include <linux/syscalls.h>
@@ -74,7 +75,7 @@ void noinstr __no_stack_protector do_syscall(struct pt_regs *regs) 
	add_random_kstack_offset();



	if (nr < NR_syscalls) {

		syscall_fn = sys_call_table[nr];

		syscall_fn = sys_call_table[array_index_nospec(nr, NR_syscalls)];

		regs->regs[4] = syscall_fn(regs->orig_a0, regs->regs[5], regs->regs[6],

					   regs->regs[7], regs->regs[8], regs->regs[9]);

	}