From 0974ff6e3bc66f619f7ef70fdb49f3c768237202 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Sat, 14 Sep 2019 15:21:51 -0400 Subject: [PATCH] Revert "vhost: block speculation of translated descriptors" This reverts commit 5d9c46f7942cfe2835650f7f9e014f63aee7d0de. I was hasty to include this patch, and it breaks the build on 32 bit. Defence in depth is good but let's do it properly. Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin --- drivers/vhost/vhost.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index acabf20b069ef..36ca2cf419bfe 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2071,10 +2071,8 @@ static int translate_desc(struct vhost_virtqueue *vq, u64 addr, u32 len, _iov = iov + ret; size = node->size - addr + node->start; _iov->iov_len = min((u64)len - s, size); - _iov->iov_base = (void __user *) - ((unsigned long)node->userspace_addr + - array_index_nospec((unsigned long)(addr - node->start), - node->size)); + _iov->iov_base = (void __user *)(unsigned long) + (node->userspace_addr + addr - node->start); s += size; addr += size; ++ret; -- 2.39.5