ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - linux-dev - Linux kernel development work

diff options

author	Gustavo A. R. Silva <gustavo@embeddedor.com>	2018-12-18 11:52:16 -0600
committer	Takashi Iwai <tiwai@suse.de>	2018-12-19 14:34:02 +0100
commit	5ae4f61f012a097df93de2285070ec8e34716d29 (patch)
tree	7e52e848a4414c037abc6ecdae46ca6ecd40a9e8 /sound/firewire/bebob/bebob.c
parent	ALSA: rme9652: Fix potential Spectre v1 vulnerability (diff)
download	linux-dev-5ae4f61f012a097df93de2285070ec8e34716d29.tar.xz linux-dev-5ae4f61f012a097df93de2285070ec8e34716d29.zip

ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities

ipcm->substream is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: sound/pci/emu10k1/emufx.c:1031 snd_emu10k1_ipcm_poke() warn: potential spectre issue 'emu->fx8010.pcm' [r] (local cap) sound/pci/emu10k1/emufx.c:1075 snd_emu10k1_ipcm_peek() warn: potential spectre issue 'emu->fx8010.pcm' [r] (local cap) Fix this by sanitizing ipcm->substream before using it to index emu->fx8010.pcm Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>

Diffstat (limited to 'sound/firewire/bebob/bebob.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: