media: mgb4: protect driver against spectre

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Mauro Carvalho Chehab <mchehab+huawei@xxxxxxxxxx>

commit 2aee207e5b3c94ef859316008119ea06d6798d49 upstream.

Frequency range is set from sysfs via frequency_range_store(),
being vulnerable to spectre, as reported by smatch:

	drivers/media/pci/mgb4/mgb4_cmt.c:231 mgb4_cmt_set_vin_freq_range() warn: potential spectre issue 'cmt_vals_in' [r]
	drivers/media/pci/mgb4/mgb4_cmt.c:238 mgb4_cmt_set_vin_freq_range() warn: possible spectre second half.  'reg_set'

Fix it.

Fixes: 0ab13674a9bd ("media: pci: mgb4: Added Digiteq Automotive MGB4 driver")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@xxxxxxxxxx>
Reviewed-by: Martin Tůma <martin.tuma@xxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/media/pci/mgb4/mgb4_cmt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/media/pci/mgb4/mgb4_cmt.c b/drivers/media/pci/mgb4/mgb4_cmt.c
index 70dc78ef193c..a25b68403bc6 100644
--- a/drivers/media/pci/mgb4/mgb4_cmt.c
+++ b/drivers/media/pci/mgb4/mgb4_cmt.c
@@ -227,6 +227,8 @@ void mgb4_cmt_set_vin_freq_range(struct mgb4_vin_dev *vindev,
 	u32 config;
 	size_t i;
 
+	freq_range = array_index_nospec(freq_range, ARRAY_SIZE(cmt_vals_in));
+
 	addr = cmt_addrs_in[vindev->config->id];
 	reg_set = cmt_vals_in[freq_range];
 
-- 
2.47.0



Patches currently in stable-queue which might be from mchehab+huawei@xxxxxxxxxx are

queue-6.11/media-dvb-core-add-missing-buffer-index-check.patch
queue-6.11/media-dvb_frontend-don-t-play-tricks-with-underflow-.patch
queue-6.11/media-cx24116-prevent-overflows-on-snr-calculus.patch
queue-6.11/media-mgb4-protect-driver-against-spectre.patch
queue-6.11/media-adv7604-prevent-underflow-condition-when-repor.patch
queue-6.11/media-pulse8-cec-fix-data-timestamp-at-pulse8_setup.patch
queue-6.11/media-v4l2-ctrls-api-fix-error-handling-for-v4l2_g_ctrl.patch
queue-6.11/media-dvbdev-prevent-the-risk-of-out-of-memory-acces.patch
queue-6.11/media-v4l2-tpg-prevent-the-risk-of-a-division-by-zero.patch
queue-6.11/media-av7110-fix-a-spectre-vulnerability.patch
queue-6.11/media-ar0521-don-t-overflow-when-checking-pll-values.patch
queue-6.11/media-s5p-jpeg-prevent-buffer-overflows.patch
queue-6.11/media-stb0899_algo-initialize-cfr-before-using-it.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux