From mboxrd@z Thu Jan 1 00:00:00 1970 From: Takashi Iwai Subject: Re: [PATCH] ALSA: rawmidi: Fix potential Spectre v1 vulnerability Date: Thu, 21 Mar 2019 13:24:55 +0100 Message-ID: References: <20190320211524.GA20363@embeddedor> Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Return-path: In-Reply-To: <20190320211524.GA20363@embeddedor> Sender: linux-kernel-owner@vger.kernel.org To: " Gustavo A. R. Silva " Cc: Jaroslav Kysela , alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org List-Id: alsa-devel@alsa-project.org On Wed, 20 Mar 2019 22:15:24 +0100, Gustavo A. R. Silva wrote: > > info->stream is indirectly controlled by user-space, hence leading to > a potential exploitation of the Spectre variant 1 vulnerability. > > This issue was detected with the help of Smatch: > > sound/core/rawmidi.c:604 __snd_rawmidi_info_select() warn: potential spectre issue 'rmidi->streams' [r] (local cap) > > Fix this by sanitizing info->stream before using it to index > rmidi->streams. > > Notice that given that speculation windows are large, the policy is > to kill the speculation on the first load and not worry if it can be > completed with a dependent load/store [1]. > > [1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/ > > Cc: stable@vger.kernel.org > Signed-off-by: Gustavo A. R. Silva Applied, thanks. Takashi From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 662D1C43381 for ; Thu, 21 Mar 2019 12:24:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 328FA21915 for ; Thu, 21 Mar 2019 12:24:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728197AbfCUMY5 (ORCPT ); Thu, 21 Mar 2019 08:24:57 -0400 Received: from mx2.suse.de ([195.135.220.15]:49490 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727823AbfCUMY5 (ORCPT ); Thu, 21 Mar 2019 08:24:57 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 48DECAC44; Thu, 21 Mar 2019 12:24:56 +0000 (UTC) Date: Thu, 21 Mar 2019 13:24:55 +0100 Message-ID: From: Takashi Iwai To: " Gustavo A. R. Silva " Cc: "Jaroslav Kysela" , , Subject: Re: [PATCH] ALSA: rawmidi: Fix potential Spectre v1 vulnerability In-Reply-To: <20190320211524.GA20363@embeddedor> References: <20190320211524.GA20363@embeddedor> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 20 Mar 2019 22:15:24 +0100, Gustavo A. R. Silva wrote: > > info->stream is indirectly controlled by user-space, hence leading to > a potential exploitation of the Spectre variant 1 vulnerability. > > This issue was detected with the help of Smatch: > > sound/core/rawmidi.c:604 __snd_rawmidi_info_select() warn: potential spectre issue 'rmidi->streams' [r] (local cap) > > Fix this by sanitizing info->stream before using it to index > rmidi->streams. > > Notice that given that speculation windows are large, the policy is > to kill the speculation on the first load and not worry if it can be > completed with a dependent load/store [1]. > > [1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/ > > Cc: stable@vger.kernel.org > Signed-off-by: Gustavo A. R. Silva Applied, thanks. Takashi