Commit 4f5ab5d7 authored by Mauro Carvalho Chehab's avatar Mauro Carvalho Chehab
Browse files

media: dvb_ca_en50221: prevent using slot_info for Spectre attacs 



slot can be controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability,
as warned by smatch:
	drivers/media/dvb-core/dvb_ca_en50221.c:1479 dvb_ca_en50221_io_write() warn: potential spectre issue 'ca->slot_info' (local cap)

Acked-by: default avatar"Jasmin J." <jasmin@anw.at>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab+samsung@kernel.org>
parent 782b9d20

drivers/media/dvb-core/dvb_ca_en50221.c

+2 −0
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ 
#include <linux/slab.h>

#include <linux/list.h>

#include <linux/module.h>

#include <linux/nospec.h>

#include <linux/vmalloc.h>

#include <linux/delay.h>

#include <linux/spinlock.h>
@@ -1476,6 +1477,7 @@ static ssize_t dvb_ca_en50221_io_write(struct file *file, 


	if (slot >= ca->slot_count)

		return -EINVAL;

	slot = array_index_nospec(slot, ca->slot_count);

	sl = &ca->slot_info[slot];



	/* check if the slot is actually running */