media: av7110: fix a spectre vulnerability

	u32			ir_config;

};

#define MAX_CI_SLOTS	2

/* place to store all the necessary device information */

struct av7110 {

	/* CA */

	struct ca_slot_info	ci_slot[2];

	struct ca_slot_info	ci_slot[MAX_CI_SLOTS];

	enum av7110_video_mode	vidmode;

	struct dmxdev		dmxdev;

#include <linux/timer.h>

#include <linux/poll.h>

#include <linux/gfp.h>

#include <linux/nospec.h>

#include "av7110.h"

#include "av7110_hw.h"

void CI_handle(struct av7110 *av7110, u8 *data, u16 len)

{

	unsigned slot_num;

	dprintk(8, "av7110:%p\n",av7110);

	if (len < 3)

		return;

	switch (data[0]) {

	case CI_MSG_CI_INFO:

		if (data[2] != 1 && data[2] != 2)

		if (data[2] != 1 && data[2] != MAX_CI_SLOTS)

			break;

		slot_num = array_index_nospec(data[2] - 1, MAX_CI_SLOTS);

		switch (data[1]) {

		case 0:

			av7110->ci_slot[data[2] - 1].flags = 0;

			av7110->ci_slot[slot_num].flags = 0;

			break;

		case 1:

			av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_PRESENT;

			av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_PRESENT;

			break;

		case 2:

			av7110->ci_slot[data[2] - 1].flags |= CA_CI_MODULE_READY;

			av7110->ci_slot[slot_num].flags |= CA_CI_MODULE_READY;

			break;

		}

		break;

	case CA_GET_SLOT_INFO:

	{

		struct ca_slot_info *info=(struct ca_slot_info *)parg;

		unsigned int slot_num;

		if (info->num < 0 || info->num > 1) {

			mutex_unlock(&av7110->ioctl_mutex);

			return -EINVAL;

		}

		av7110->ci_slot[info->num].num = info->num;

		av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ?

		slot_num = array_index_nospec(info->num, MAX_CI_SLOTS);

		av7110->ci_slot[slot_num].num = info->num;

		av7110->ci_slot[slot_num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ?

						 CA_CI_LINK : CA_CI;

		memcpy(info, &av7110->ci_slot[info->num], sizeof(struct ca_slot_info));

		memcpy(info, &av7110->ci_slot[slot_num],

		       sizeof(struct ca_slot_info));

		break;

	}