diff mbox

[01/11] media: tm6000: fix potential Spectre variant 1

Message ID 5921004a-a7d3-59c9-2ef4-b6a490390d3f@embeddedor.com (mailing list archive)
State New, archived
Headers show

Commit Message

Gustavo A. R. Silva May 17, 2018, 6:08 p.m. UTC 
On 05/17/2018 07:13 AM, Mauro Carvalho Chehab wrote:
> Em Thu, 17 May 2018 08:43:24 -0300
> Mauro Carvalho Chehab <mchehab+samsung@kernel.org> escreveu:
> 
>>>>> On 05/15/2018 02:39 PM, Dan Carpenter wrote:
>>>    
>>>>>> You'd need to rebuild the db (possibly twice but definitely once).
>>>
>>> How? Here, I just pull from your git tree and do a "make". At most,
>>> make clean; make.
>>
>> Never mind. Found it using grep. I'm running this:
>>
>> 	make allyesconfig
>> 	/devel/smatch/smatch_scripts/build_kernel_data.sh
>> 	/devel/smatch/smatch_scripts/build_kernel_data.sh
> 
> It seems that something is broken... getting this error/warning:
> 
> DBD::SQLite::db do failed: unrecognized token: "'end + strlen("
> " at /devel/smatch/smatch_scripts/../smatch_data/db/fill_db_sql.pl line 32, <WARNS> line 2938054.
> 

Yep. I get the same warning multiple times.

BTW, Mauro, you sent a patch to fix an spectre v1 issue in this file 
yesterday: dvb_ca_en50221.c:1480, but it seems there is another instance 
of the same issue some lines above:

                     (sl->slot_state != DVB_CA_SLOTSTATE_INVALID)) {


Thanks
--
Gustavo

Comments

Gustavo A. R. Silva May 21, 2018, 4:18 p.m. UTC | #1 
On 05/17/2018 01:08 PM, Gustavo A. R. Silva wrote:
> 
> BTW, Mauro, you sent a patch to fix an spectre v1 issue in this file 
> yesterday: dvb_ca_en50221.c:1480, but it seems there is another instance 
> of the same issue some lines above:
> 
> diff --git a/drivers/media/dvb-core/dvb_ca_en50221.c 
> b/drivers/media/dvb-core/dvb_ca_en50221.c
> index 1310526..7edd9db 100644
> --- a/drivers/media/dvb-core/dvb_ca_en50221.c
> +++ b/drivers/media/dvb-core/dvb_ca_en50221.c
> @@ -1398,6 +1398,7 @@ static int dvb_ca_en50221_io_do_ioctl(struct file 
> *file,
> 
>                  info->type = CA_CI_LINK;
>                  info->flags = 0;
> +               slot = array_index_nospec(slot, ca->slot_count + 1);
>                  sl = &ca->slot_info[slot];
>                  if ((sl->slot_state != DVB_CA_SLOTSTATE_NONE) &&
>                      (sl->slot_state != DVB_CA_SLOTSTATE_INVALID)) {
> 
> 

Hi Mauro,

Just to let you know, I was running smatch during the weekend and the 
tool is still reporting all these Spectre media warnings (and a lot more):

https://patchwork.linuxtv.org/project/linux-media/list/?submitter=7277

Thanks
--
Gustavo
diff mbox

Patch

diff --git a/drivers/media/dvb-core/dvb_ca_en50221.c 
b/drivers/media/dvb-core/dvb_ca_en50221.c
index 1310526..7edd9db 100644
--- a/drivers/media/dvb-core/dvb_ca_en50221.c
+++ b/drivers/media/dvb-core/dvb_ca_en50221.c
@@ -1398,6 +1398,7 @@  static int dvb_ca_en50221_io_do_ioctl(struct file 
*file,

                 info->type = CA_CI_LINK;
                 info->flags = 0;
+               slot = array_index_nospec(slot, ca->slot_count + 1);
                 sl = &ca->slot_info[slot];
                 if ((sl->slot_state != DVB_CA_SLOTSTATE_NONE) &&