From 4f5ab5d7a5e765ad231a132f82cec71de88b9aad Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab Date: Tue, 15 May 2018 08:31:38 -0400 Subject: media: dvb_ca_en50221: prevent using slot_info for Spectre attacs slot can be controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability, as warned by smatch: drivers/media/dvb-core/dvb_ca_en50221.c:1479 dvb_ca_en50221_io_write() warn: potential spectre issue 'ca->slot_info' (local cap) Acked-by: "Jasmin J." Signed-off-by: Mauro Carvalho Chehab --- drivers/media/dvb-core/dvb_ca_en50221.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'drivers') diff --git a/drivers/media/dvb-core/dvb_ca_en50221.c b/drivers/media/dvb-core/dvb_ca_en50221.c index 97365a863519..1310526b0d49 100644 --- a/drivers/media/dvb-core/dvb_ca_en50221.c +++ b/drivers/media/dvb-core/dvb_ca_en50221.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -1476,6 +1477,7 @@ static ssize_t dvb_ca_en50221_io_write(struct file *file, if (slot >= ca->slot_count) return -EINVAL; + slot = array_index_nospec(slot, ca->slot_count); sl = &ca->slot_info[slot]; /* check if the slot is actually running */ -- cgit v1.2.3