linux/sound/core/seq
Gustavo A. R. Silva c709f14f06 ALSA: seq: oss: Fix Spectre v1 vulnerability
dev is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

sound/core/seq/oss/seq_oss_synth.c:626 snd_seq_oss_synth_make_info() warn: potential spectre issue 'dp->synths' [w] (local cap)

Fix this by sanitizing dev before using it to index dp->synths.

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/

Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-03-21 13:23:51 +01:00
..
oss ALSA: seq: oss: Fix Spectre v1 vulnerability 2019-03-21 13:23:51 +01:00
Kconfig ALSA: seq: Fix CONFIG_SND_SEQ_MIDI dependency 2017-08-11 09:51:41 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
seq.c ALSA: seq: Fix leftovers at probe error path 2018-08-01 22:54:36 +02:00
seq_clientmgr.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
seq_clientmgr.h ALSA: seq: Make ioctls race-free 2018-01-11 14:37:51 +01:00
seq_compat.c ALSA: seq: fix passing wrong pointer in function call of compatibility layer 2016-10-12 20:09:36 +02:00
seq_dummy.c ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_fifo.c ALSA: seq: More protection for concurrent write and ioctl races 2018-03-08 12:05:37 +01:00
seq_fifo.h [ALSA] Remove xxx_t typedefs: Sequencer 2006-01-03 12:17:52 +01:00
seq_info.c ALSA: seq: Fix leftovers at probe error path 2018-08-01 22:54:36 +02:00
seq_info.h ALSA: seq: Fix leftovers at probe error path 2018-08-01 22:54:36 +02:00
seq_lock.c ALSA: seq: Enable 'use' locking in all configurations 2017-10-18 08:01:46 +02:00
seq_lock.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
seq_memory.c ALSA: seq: Remove dead codes 2018-08-01 22:54:35 +02:00
seq_memory.h ALSA: seq: Remove dead codes 2018-08-01 22:54:35 +02:00
seq_midi.c ALSA: seq: Minor cleanup of MIDI event parser helpers 2018-08-01 22:54:35 +02:00
seq_midi_emul.c ALSA: seq: Mark expected switch fall-through 2018-08-04 08:30:36 +02:00
seq_midi_event.c ALSA: seq: Remove dead codes 2018-08-01 22:54:35 +02:00
seq_ports.c ALSA: seq: fix spelling mistake "Unamed" -> "Unnamed" 2018-05-26 23:59:32 +02:00
seq_ports.h ALSA: seq: remove unused callback_all field 2015-01-26 13:56:58 +01:00
seq_prioq.c ALSA: seq: Fix possible UAF in snd_seq_check_queue() 2018-03-10 17:29:49 +01:00
seq_prioq.h ALSA: seq: Fix possible UAF in snd_seq_check_queue() 2018-03-10 17:29:49 +01:00
seq_queue.c ALSA: seq: Fix leftovers at probe error path 2018-08-01 22:54:36 +02:00
seq_queue.h ALSA: seq: Drop unused 64bit division macros 2018-08-01 22:54:37 +02:00
seq_system.c ALSA: seq: Do error checks at creating system ports 2018-08-28 12:52:02 +02:00
seq_system.h [ALSA] Remove xxx_t typedefs: Sequencer 2006-01-03 12:17:52 +01:00
seq_timer.c ALSA: seq: Avoid open-code for getting timer resolution 2018-05-18 08:49:13 +02:00
seq_timer.h ALSA: seq: Process queue tempo/ppq change in a shot 2018-01-15 16:48:36 +01:00
seq_virmidi.c ALSA: rawmidi: A lightweight function to discard pending bytes 2018-10-04 20:13:17 +02:00