Date:   Thu, 20 Dec 2018 18:35:44 +0100
From:   Takashi Iwai <tiwai@...e.de>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc:     Jaroslav Kysela <perex@...ex.cz>, alsa-devel@...a-project.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ALSA: isa/wavefront: Fix potential Spectre v1 vulnerabilities

On Thu, 20 Dec 2018 18:13:31 +0100,
Gustavo A. R. Silva wrote:
> 
> On 12/20/18 2:11 AM, Takashi Iwai wrote:
> > On Thu, 20 Dec 2018 00:31:43 +0100,
> >   Gustavo A. R. Silva  wrote:
> >>
> >> header->number is indirectly controlled by user-space, hence leading
> >> to a potential exploitation of the Spectre variant 1 vulnerability.
> >>
> >> This issue was detected with the help of Smatch:
> >>
> >> sound/isa/wavefront/wavefront_synth.c:792 wavefront_send_patch() warn: potential spectre issue 'dev->patch_status' [w] (local cap)
> >> sound/isa/wavefront/wavefront_synth.c:819 wavefront_send_program() warn: potential spectre issue 'dev->prog_status' [w] (local cap)
> >> sound/isa/wavefront/wavefront_synth.c:1197 wavefront_send_alias() warn: potential spectre issue 'dev->sample_status' [w]
> >> sound/isa/wavefront/wavefront_synth.c:1248 wavefront_send_multisample() warn: potential spectre issue 'dev->sample_status' [w]
> >> sound/isa/wavefront/wavefront_synth.c:1548 wavefront_synth_control() warn: potential spectre issue 'dev->sample_status' [r] (local cap)
> >>
> >> Fix this by sanitizing header->number before using it to index
> >> dev->patch_status, dev->prog_status and dev->sample_status.
> >>
> >> Notice that given that speculation windows are large, the policy is
> >> to kill the speculation on the first load and not worry if it can be
> >> completed with a dependent load/store [1].
> >>
> >> [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
> >>
> >> Cc: stable@...r.kernel.org
> >> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
> >
> > Is there any platform with ISA slot that suffers from Spectre?
> >
> >
> 
> Do you mean 'any other'?

Well, no, my question is whether it makes sense to patch the code path
for such ISA drivers.  Spectre seems applicable since the model around
2006 or so, and the ISA slot has already been dead for a very long time.
And yet with this minor board...  I bet no one hits this in the
world.


thanks,

Takashi
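
The sanitization described in the quoted commit message (clamping header->number before it indexes dev->patch_status), shown as an added example that is not part of this thread or of the kernel patch. It is a userspace model of the generic array_index_nospec() helper from the kernel's <linux/nospec.h>; demo_dev, demo_send_patch, DEMO_MAX_PATCH and DEMO_SLOT_USED are hypothetical names with constructed values.

```c
#include <stdio.h>

#define BITS_PER_LONG  (sizeof(long) * 8)
#define DEMO_MAX_PATCH 256UL   /* constructed table size, not the driver's */
#define DEMO_SLOT_USED 0x1     /* constructed status flag */

struct demo_dev { unsigned char patch_status[DEMO_MAX_PATCH]; };

/* All-ones when index < size, zero otherwise, computed without a branch
 * so the CPU has nothing to mispredict. Assumes size <= LONG_MAX and an
 * arithmetic right shift of negative values (true for gcc and clang). */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* Clamp index into [0, size): in-range values pass through, others become 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Hypothetical stand-in for a handler that takes a user-controlled number.
 * Returns 0 on success, -1 when the number is rejected. */
static int demo_send_patch(struct demo_dev *dev, unsigned long number)
{
    if (number >= DEMO_MAX_PATCH)       /* architectural bounds check */
        return -1;
    /* The branch above can be speculated past; the mask cannot. */
    number = index_nospec(number, DEMO_MAX_PATCH);
    dev->patch_status[number] |= DEMO_SLOT_USED;
    return 0;
}

int main(void)
{
    struct demo_dev dev = { {0} };
    unsigned long tests[] = { 0, 255, 256, 4096, ~0UL };   /* constructed inputs */

    for (size_t i = 0; i < sizeof(tests) / sizeof(tests[0]); i++)
        printf("number=%lu clamped=%lu rc=%d\n", tests[i],
               index_nospec(tests[i], DEMO_MAX_PATCH),
               demo_send_patch(&dev, tests[i]));
    return 0;
}
```

Out-of-range values are forced to index 0 on the speculative path, so the first load stays inside the table even when the bounds check is mispredicted.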
