From 0d4a3f2abbef73b9e5bb5f12213c275565473588 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Sat, 14 Sep 2019 15:21:51 -0400 Subject: [PATCH] Revert "vhost: block speculation of translated descriptors" This reverts commit a89db445fbd7f1f8457b03759aa7343fa530ef6b. I was hasty to include this patch, and it breaks the build on 32 bit. Defence in depth is good but let's do it properly. Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin --- drivers/vhost/vhost.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index acabf20b069e..36ca2cf419bf 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2071,10 +2071,8 @@ static int translate_desc(struct vhost_virtqueue *vq, u64 addr, u32 len, _iov = iov + ret; size = node->size - addr + node->start; _iov->iov_len = min((u64)len - s, size); - _iov->iov_base = (void __user *) - ((unsigned long)node->userspace_addr + - array_index_nospec((unsigned long)(addr - node->start), - node->size)); + _iov->iov_base = (void __user *)(unsigned long) + (node->userspace_addr + addr - node->start); s += size; addr += size; ++ret;