kernel-fxtec-pro1x/sound/pci/emu10k1
Gustavo A. R. Silva 0d22704968 ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
commit 5ae4f61f012a097df93de2285070ec8e34716d29 upstream.

ipcm->substream is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

sound/pci/emu10k1/emufx.c:1031 snd_emu10k1_ipcm_poke() warn: potential spectre issue 'emu->fx8010.pcm' [r] (local cap)
sound/pci/emu10k1/emufx.c:1075 snd_emu10k1_ipcm_peek() warn: potential spectre issue 'emu->fx8010.pcm' [r] (local cap)

Fix this by sanitizing ipcm->substream before using it to index emu->fx8010.pcm

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-09 17:38:36 +01:00
..
emu10k1.c ALSA: seq: Allow the modular sequencer registration 2017-06-12 08:43:33 +02:00
emu10k1_callback.c ALSA: emu10k1: constify snd_emux_operators structure 2017-02-19 22:07:29 +01:00
emu10k1_main.c treewide: Use array_size() in vmalloc() 2018-06-12 16:19:22 -07:00
emu10k1_patch.c ALSA: emu10k1_patch: Use swap macro in snd_emu10k1_sample_new 2018-07-17 17:17:52 +02:00
emu10k1_synth.c ALSA: seq: Define driver object in each driver 2015-02-12 14:15:54 +01:00
emu10k1_synth_local.h
emu10k1x.c sound: Use octal not symbolic permissions 2018-05-28 11:27:20 +02:00
emufx.c ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities 2019-01-09 17:38:36 +01:00
emumixer.c ALSA: pci: constify snd_kcontrol_new structures 2017-02-21 22:01:21 +01:00
emumpu401.c ALSA: pci: Constify snd_rawmidi_ops 2017-01-12 12:50:26 +01:00
emupcm.c ALSA: emu10k1: Mark expected switch fall-throughs 2018-08-06 09:33:43 +02:00
emuproc.c sound: Use octal not symbolic permissions 2018-05-28 11:27:20 +02:00
io.c ALSA: emu10k1: Fix possible NULL dereference 2014-03-05 12:15:56 +01:00
irq.c ALSA: emu10k1: Use standard printk helpers 2014-02-26 16:45:27 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memory.c ALSA: emu10k1: Rate-limit error messages about page errors 2018-05-17 20:02:23 +02:00
p16v.c treewide: Use array_size() in vmalloc() 2018-06-12 16:19:22 -07:00
p16v.h Fix common misspellings 2011-03-31 11:26:23 -03:00
p17v.h
timer.c ALSA: pci: remove __dev* attributes 2012-12-07 07:20:55 +01:00
tina2.h
voice.c ALSA: emu10k1: Use standard printk helpers 2014-02-26 16:45:27 +01:00