Revert "vhost: block speculation of translated descriptors"

This reverts commit a89db445fbd7f1f8457b03759aa7343fa530ef6b.

I was hasty to include this patch, and it breaks the build on 32 bit.
Defence in depth is good but let's do it properly.

Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index acabf20..36ca2cf 100644 (file)
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -2071,10 +2071,8 @@ static int translate_desc(struct vhost_virtqueue *vq, u64 addr, u32 len,
                _iov = iov + ret;
                size = node->size - addr + node->start;
                _iov->iov_len = min((u64)len - s, size);
-               _iov->iov_base = (void __user *)
-                       ((unsigned long)node->userspace_addr +
-                        array_index_nospec((unsigned long)(addr - node->start),
-                                           node->size));
+               _iov->iov_base = (void __user *)(unsigned long)
+                       (node->userspace_addr + addr - node->start);
                s += size;
                addr += size;
                ++ret;