android_kernel_oneplus_msm8998/sound/core
Gustavo A. R. Silva f56eb9dfd1 ALSA: pcm: Fix potential Spectre v1 vulnerability
commit 94ffb030b6d31ec840bb811be455dd2e26a4f43e upstream.

stream is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

sound/core/pcm.c:140 snd_pcm_control_ioctl() warn: potential spectre issue 'pcm->streams' [r] (local cap)

Fix this by sanitizing stream before using it to index pcm->streams.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Cc: stable@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-13 10:05:29 +01:00
oss ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation 2018-04-24 09:32:09 +02:00
seq ALSA: virmidi: Fix too long output trigger loop 2018-08-22 07:48:36 +02:00
compress_offload.c ALSA: compress: Remove unused variable 2017-10-12 11:27:32 +02:00
control.c ALSA: control: Fix race between adding and removing a user element 2018-12-13 09:21:27 +01:00
control_compat.c ALSA: control: fix a redundant-copy issue 2018-05-26 08:48:52 +02:00
ctljack.c ALSA: jack: Fix endless loop at unique index detection 2015-06-26 06:59:57 +02:00
device.c
hrtimer.c ALSA: hrtimer: Fix stall by hrtimer_cancel() 2016-01-31 11:28:57 -08:00
hwdep.c
hwdep_compat.c
info.c ALSA: info: Limit the proc text input size 2016-11-18 10:48:33 +01:00
info_oss.c
init.c ALSA: Fix uninintialized error return 2015-06-29 19:08:31 +02:00
isadma.c
jack.c
Kconfig ALSA: timer: add config item to export PCM timer disabling for expert 2015-10-16 14:31:38 +02:00
Makefile ALSA: timer: add config item to export PCM timer disabling for expert 2015-10-16 14:31:38 +02:00
memalloc.c ALSA: memalloc: Don't exceed over the requested size 2018-08-22 07:48:36 +02:00
memory.c
misc.c
pcm.c ALSA: pcm: Fix potential Spectre v1 vulnerability 2019-01-13 10:05:29 +01:00
pcm_compat.c ALSA: pcm: Check PCM state at xfern compat ioctl 2018-05-16 10:06:47 +02:00
pcm_dmaengine.c
pcm_drm_eld.c
pcm_iec958.c
pcm_lib.c ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command 2018-12-17 21:55:12 +01:00
pcm_memory.c
pcm_misc.c
pcm_native.c ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command 2018-12-17 21:55:12 +01:00
pcm_timer.c
pcm_trace.h
rawmidi.c ALSA: rawmidi: Change resized buffers atomically 2018-07-25 10:18:15 +02:00
rawmidi_compat.c ALSA: rawmidi: Fix missing input substream checks in compat ioctls 2018-04-24 09:32:10 +02:00
rtctimer.c
sgbuf.c
sound.c
sound_oss.c
timer.c ALSA: timer: Fix zero-division by continue of uninitialized instance 2018-11-10 07:41:38 -08:00
timer_compat.c ALSA: timer: Remove kernel warning at compat ioctl error paths 2017-11-30 08:37:22 +00:00
vmaster.c ALSA: vmaster: Propagate slave error 2018-05-30 07:49:13 +02:00