• Takashi Iwai's avatar
    ALSA: control: Hardening for potential Spectre v1 · 088e861e
    Takashi Iwai authored
    As recently Smatch suggested, a few places in ALSA control core codes
    may expand the array directly from the user-space value with
      sound/core/control.c:1003 snd_ctl_elem_lock() warn: potential spectre issue 'kctl->vd'
      sound/core/control.c:1031 snd_ctl_elem_unlock() warn: potential spectre issue 'kctl->vd'
      sound/core/control.c:844 snd_ctl_elem_info() warn: potential spectre issue 'kctl->vd'
      sound/core/control.c:891 snd_ctl_elem_read() warn: potential spectre issue 'kctl->vd'
      sound/core/control.c:939 snd_ctl_elem_write() warn: potential spectre issue 'kctl->vd'
    Although all these seem doing only the first load without further
    reference, we may want to stay in a safer side, so hardening with
    array_index_nospec() would still make sense.
    In this patch, we put array_index_nospec() to the common
    snd_ctl_get_ioff*() helpers instead of each caller.  These helpers are
    also referred from some drivers, too, and basically all usages are to
    calculate the array index from the user-space value, hence it's better
    to cover there.
    BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
control.h 8.84 KB