From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Elena Reshetova <elena.reshetova@intel.com>
Date: Mon, 4 Sep 2017 13:11:52 +0300
Subject: [PATCH] userns: prevent speculative execution
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2017-5753
CVE-2017-5715

Real commit text tbd

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
(cherry picked from commit 1410678db6238e625775f7108c68a9e5b8d439a1)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 kernel/user_namespace.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 4eacf186f5bc..684cc69d431c 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -549,8 +549,10 @@ static void *m_start(struct seq_file *seq, loff_t *ppos,
 	struct uid_gid_extent *extent = NULL;
 	loff_t pos = *ppos;
 
-	if (pos < map->nr_extents)
+	if (pos < map->nr_extents) {
+		gmb();
 		extent = &map->extent[pos];
+	}
 
 	return extent;
 }
-- 
2.14.2