LoongArch: Add spectre boundry for syscall dispatch table

The LoongArch syscall number is directly controlled by userspace, but
does not have a array_index_nospec() boundry to prevent access past the
syscall function pointer tables.

Cc: stable@vger.kernel.org
Assisted-by: gkh_clanker_2000
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>

diff --git a/arch/loongarch/kernel/syscall.c b/arch/loongarch/kernel/syscall.c
index 1249d82c1cd0ac60e7832240ef5059ff45a06c7b..dac435c327433793e94fa3dc0d1b9b9fdbe10f46 100644 (file)
--- a/arch/loongarch/kernel/syscall.c
+++ b/arch/loongarch/kernel/syscall.c
@@ -9,6 +9,7 @@
 #include <linux/entry-common.h>
 #include <linux/errno.h>
 #include <linux/linkage.h>
+#include <linux/nospec.h>
 #include <linux/objtool.h>
 #include <linux/randomize_kstack.h>
 #include <linux/syscalls.h>
@@ -74,7 +75,7 @@ void noinstr __no_stack_protector do_syscall(struct pt_regs *regs)
        add_random_kstack_offset();
 
        if (nr < NR_syscalls) {
-               syscall_fn = sys_call_table[nr];
+               syscall_fn = sys_call_table[array_index_nospec(nr, NR_syscalls)];
                regs->regs[4] = syscall_fn(regs->orig_a0, regs->regs[5], regs->regs[6],
                                           regs->regs[7], regs->regs[8], regs->regs[9]);
        }