lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d34cf31f-6dc5-ee2d-ea6d-513dd5e8e5c3@embeddedor.com>
Date:   Thu, 17 May 2018 05:36:03 -0500
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1



On 05/16/2018 08:14 PM, Gustavo A. R. Silva wrote:
> 
> 
> On 05/15/2018 02:39 PM, Dan Carpenter wrote:
>>> Dan,
>>>
>>> These are all the Spectre media issues I see smatch is reporting in
>>> linux-next-20180515:
>>>
>>> drivers/media/cec/cec-pin-error-inj.c:170 cec_pin_error_inj_parse_line()
>>> warn: potential spectre issue 'pin->error_inj_args'
>>> drivers/media/dvb-core/dvb_ca_en50221.c:1479 
>>> dvb_ca_en50221_io_write() warn:
>>> potential spectre issue 'ca->slot_info' (local cap)
>>> drivers/media/dvb-core/dvb_net.c:252 handle_one_ule_extension() warn:
>>> potential spectre issue 'p->ule_next_hdr'
>>>
>>> I pulled the latest changes from the smatch repository and compiled it.
>>>
>>> I'm running smatch v0.5.0-4459-g2f66d40 now. Is this the latest version?
>>>
>>> I wonder if there is anything I might be missing.
>>>
>>
>> You'd need to rebuild the db (possibly twice but definitely once).
>>
> 
> Hi Dan,
> 
> After rebuilding the db (once), these are all the Spectre media warnings 
> I get:
> 
> drivers/media/pci/ddbridge/ddbridge-core.c:233 ddb_redirect() warn: 
> potential spectre issue 'ddbs'
> drivers/media/pci/ddbridge/ddbridge-core.c:243 ddb_redirect() warn: 
> potential spectre issue 'pdev->port'
> drivers/media/pci/ddbridge/ddbridge-core.c:252 ddb_redirect() warn: 
> potential spectre issue 'idev->input'
> drivers/media/dvb-core/dvb_ca_en50221.c:1400 
> dvb_ca_en50221_io_do_ioctl() warn: potential spectre issue 
> 'ca->slot_info' (local cap)
> drivers/media/dvb-core/dvb_ca_en50221.c:1479 dvb_ca_en50221_io_write() 
> warn: potential spectre issue 'ca->slot_info' (local cap)
> drivers/media/dvb-core/dvb_net.c:252 handle_one_ule_extension() warn: 
> potential spectre issue 'p->ule_next_hdr'
> drivers/media/dvb-core/dvb_net.c:1483 dvb_net_do_ioctl() warn: potential 
> spectre issue 'dvbnet->device' (local cap)
> drivers/media/cec/cec-pin-error-inj.c:170 cec_pin_error_inj_parse_line() 
> warn: potential spectre issue 'pin->error_inj_args'
> 
> I just want to double check if you are getting the same output. In case 
> you are getting the same, then what Mauro commented about these issues:
> 
> https://patchwork.linuxtv.org/project/linux-media/list/?submitter=7277
> 
> being resolved by commit 3ad3b7a2ebaefae37a7eafed0779324987ca5e56 seems 
> to be correct.
> 

Interesting, I've rebuild the db twice and now I get a total of 75 
Spectre warnings in drivers/media

--
Gustavo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ