diff options
author | Michael S. Tsirkin <mst@redhat.com> | 2019-09-14 15:21:51 -0400 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2019-09-14 15:21:51 -0400 |
commit | 0d4a3f2abbef73b9e5bb5f12213c275565473588 (patch) | |
tree | 5aa5d51eb73baf137252c43fd26aa33f4e897446 | |
parent | 060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 (diff) |
Revert "vhost: block speculation of translated descriptors"
This reverts commit a89db445fbd7f1f8457b03759aa7343fa530ef6b.
I was hasty to include this patch, and it breaks the build on 32 bit.
Defence in depth is good but let's do it properly.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-rw-r--r-- | drivers/vhost/vhost.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index acabf20b069e..36ca2cf419bf 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2071,10 +2071,8 @@ static int translate_desc(struct vhost_virtqueue *vq, u64 addr, u32 len, _iov = iov + ret; size = node->size - addr + node->start; _iov->iov_len = min((u64)len - s, size); - _iov->iov_base = (void __user *) - ((unsigned long)node->userspace_addr + - array_index_nospec((unsigned long)(addr - node->start), - node->size)); + _iov->iov_base = (void __user *)(unsigned long) + (node->userspace_addr + addr - node->start); s += size; addr += size; ++ret; |