Open Source and information security mailing list archives
 
Message-ID: <b5fcb290-5374-4ff3-b74c-a1bd3c802ef0@gpxsee.org>
Date: Wed, 16 Oct 2024 13:59:18 +0200
From: Martin Tůma <tumic@...see.org>
To: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
Cc: Hans Verkuil <hverkuil@...all.nl>,
 Martin Tuma <martin.tuma@...iteqautomotive.com>,
 linux-kernel@...r.kernel.org, linux-media@...r.kernel.org,
 stable@...r.kernel.org
Subject: Re: [PATCH 05/13] media: mgb4: protect driver against spectre

On 16. 10. 24 12:22 PM, Mauro Carvalho Chehab wrote:
> Frequency range is set from sysfs via frequency_range_store(),
> being vulnerable to spectre, as reported by smatch:
> 
> 	drivers/media/pci/mgb4/mgb4_cmt.c:231 mgb4_cmt_set_vin_freq_range() warn: potential spectre issue 'cmt_vals_in' [r]
> 	drivers/media/pci/mgb4/mgb4_cmt.c:238 mgb4_cmt_set_vin_freq_range() warn: possible spectre second half.  'reg_set'
> 
> Fix it.
> 
> Fixes: 0ab13674a9bd ("media: pci: mgb4: Added Digiteq Automotive MGB4 driver")
> Cc: stable@...r.kernel.org
> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
> ---
>   drivers/media/pci/mgb4/mgb4_cmt.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/media/pci/mgb4/mgb4_cmt.c b/drivers/media/pci/mgb4/mgb4_cmt.c
> index 70dc78ef193c..a25b68403bc6 100644
> --- a/drivers/media/pci/mgb4/mgb4_cmt.c
> +++ b/drivers/media/pci/mgb4/mgb4_cmt.c
> @@ -227,6 +227,8 @@ void mgb4_cmt_set_vin_freq_range(struct mgb4_vin_dev *vindev,
>   	u32 config;
>   	size_t i;
>   
> +	freq_range = array_index_nospec(freq_range, ARRAY_SIZE(cmt_vals_in));
> +
>   	addr = cmt_addrs_in[vindev->config->id];
>   	reg_set = cmt_vals_in[freq_range];
>   
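
Review bot: the added clamp ahead of `reg_set = cmt_vals_in[freq_range];` has no architectural bounds check next to it in this hunk, and array_index_nospec() is not a substitute for one: it returns 0 for any index at or above ARRAY_SIZE(cmt_vals_in), so an out-of-range freq_range would silently select entry 0 instead of being rejected. Please state in the commit message or in a comment where freq_range is validated (the message names frequency_range_store() as the sysfs entry point) so the clamp is clearly the speculation-only second half of a check-then-clamp pair. The diffstat also shows only these two added lines, so no `#include <linux/nospec.h>` is added; include it explicitly unless the file already does.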

I still do not fully understand the exact vulnerability here, but the 
patch should definitely not do any harm, so I'm ok with it even if its 
real purpose would only be to silence the smatch warning :-)

Reviewed-by: Martin Tůma <martin.tuma@...iteqautomotive.com>
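
An added illustration, not part of this thread or of the mgb4 driver: a userspace C model of the branch-free mask computed by the kernel's generic array_index_nospec() fallback, showing that an out-of-range index is forced to 0 without a branch and how the clamp pairs with an ordinary bounds check. The names index_mask_nospec, index_nospec, demo_vals and demo_lookup are hypothetical, and the table contents are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/*
 * Model of the generic mask: ~0UL when index < size, 0 otherwise.
 * Relies on arithmetic right shift of a negative long (gcc, clang).
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp by AND-ing with the mask: no branch, so nothing to mispredict. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
	return index & index_mask_nospec(index, size);
}

/* Constructed table standing in for a per-range register set. */
static const unsigned int demo_vals[3] = { 0x10, 0x20, 0x30 };

/* Pattern: architectural bounds check first, speculation clamp second. */
static int demo_lookup(unsigned long range, unsigned int *out)
{
	if (range >= ARRAY_SIZE(demo_vals))
		return -1;	/* out-of-range input is rejected here */
	/* Even if the branch above is mispredicted, range stays in bounds. */
	range = index_nospec(range, ARRAY_SIZE(demo_vals));
	*out = demo_vals[range];
	return 0;
}

int main(void)
{
	unsigned int v = 0;
	unsigned long i;

	for (i = 0; i < 5; i++)
		printf("index %lu -> clamped %lu, lookup rc %d\n",
		       i, index_nospec(i, ARRAY_SIZE(demo_vals)),
		       demo_lookup(i, &v));
	return 0;
}
```

Without the explicit check in demo_lookup(), the clamp alone would turn every out-of-range request into a read of entry 0 rather than an error.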

