Takashi Iwai 8d218dd811 ALSA: seq: oss: Hardening for potential Spectre v1 ... As Smatch recently suggested, a few places in OSS sequencer codes may expand the array directly from the user-space value with speculation, namely there are a significant amount of references to either info->ch[] or dp->synths[] array: sound/core/seq/oss/seq_oss_event.c:315 note_on_event() warn: potential spectre issue 'info->ch' (local cap) sound/core/seq/oss/seq_oss_event.c:362 note_off_event() warn: potential spectre issue 'info->ch' (local cap) sound/core/seq/oss/seq_oss_synth.c:470 snd_seq_oss_synth_load_patch() warn: potential spectre issue 'dp->synths' (local cap) sound/core/seq/oss/seq_oss_event.c:293 note_on_event() warn: potential spectre issue 'dp->synths' sound/core/seq/oss/seq_oss_event.c:353 note_off_event() warn: potential spectre issue 'dp->synths' sound/core/seq/oss/seq_oss_synth.c:506 snd_seq_oss_synth_sysex() warn: potential spectre issue 'dp->synths' sound/core/seq/oss/seq_oss_synth.c:580 snd_seq_oss_synth_ioctl() warn: potential spectre issue 'dp->synths' Although all these seem doing only the first load without further reference, we may want to stay in a safer side, so hardening with array_index_nospec() would still make sense. We may put array_index_nospec() at each place, but here we take a different approach: - For dp->synths[], change the helpers to retrieve seq_oss_synthinfo pointer directly instead of the array expansion at each place - For info->ch[], harden in a normal way, as there are only a couple of places As a result, the existing helper, snd_seq_oss_synth_is_valid() is replaced with snd_seq_oss_synth_info(). Also, we cover MIDI device where a similar array expansion is done, too, although it wasn't reported by Smatch. BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2 Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>		2018-04-25 10:37:45 +02:00
..
oss	ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation	2018-04-07 13:10:11 +02:00
seq	ALSA: seq: oss: Hardening for potential Spectre v1	2018-04-25 10:37:45 +02:00
compress_offload.c	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
control_compat.c	ALSA: Get rid of card power_lock	2017-08-30 20:44:29 +02:00
control.c	ALSA: control: Fix missing __user annotation	2018-04-23 16:19:52 +02:00
ctljack.c	ALSA: declare snd_kcontrol_new structures as const	2017-05-30 10:29:25 +02:00
device.c	ALSA: core: Use %pS printk format for direct addresses	2017-09-07 10:36:02 +02:00
hrtimer.c	Merge branch 'for-next' into for-linus	2017-11-13 15:43:13 +01:00
hwdep_compat.c	[PATCH] hwdep_compat missed __user annotations	2006-10-10 15:37:21 -07:00
hwdep.c	Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2018-01-31 09:25:20 -08:00
info_oss.c	ALSA: core: Follow standard EXPORT_SYMBOL() declarations	2017-06-16 16:19:16 +02:00
info.c	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
init.c	ALSA: Use scnprintf() instead of snprintf() for show	2018-02-27 09:16:52 +01:00
isadma.c	ALSA: core: Follow standard EXPORT_SYMBOL() declarations	2017-06-16 16:19:16 +02:00
jack.c	ALSA: fix kernel-doc build warning	2017-10-30 08:10:07 +01:00
Kconfig	ALSA: seq: Allow the modular sequencer registration	2017-06-12 08:43:33 +02:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
memalloc.c	ALSA: core: Follow standard EXPORT_SYMBOL() declarations	2017-06-16 16:19:16 +02:00
memory.c	ALSA: core: Follow standard EXPORT_SYMBOL() declarations	2017-06-16 16:19:16 +02:00
misc.c	ALSA: core: Follow standard EXPORT_SYMBOL() declarations	2017-06-16 16:19:16 +02:00
pcm_compat.c	ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY.	2018-04-23 08:41:35 +02:00
pcm_dmaengine.c	ASoC: dmaengine_pcm: Add support for packed transfers	2016-04-27 17:34:11 +01:00
pcm_drm_eld.c	ALSA: pcm: use helper function to refer parameter as read-only	2017-05-17 07:24:39 +02:00
pcm_iec958.c	ALSA: pcm: Allow 32 bit sample format in IEC958 channel status helper	2016-04-06 14:33:38 -07:00
pcm_lib.c	ALSA: pcm: Use krealloc() for resizing the rules array	2018-03-13 15:37:58 +01:00
pcm_local.h	ALSA: pcm: unify codes to operate application-side position on PCM buffer	2017-06-12 08:49:22 +02:00
pcm_memory.c	ALSA: pcm: Follow standard EXPORT_SYMBOL() declarations	2017-06-16 16:18:58 +02:00
pcm_misc.c	ALSA: pcm: add SNDRV_PCM_FORMAT_{S,U}20	2017-11-29 09:26:33 +01:00
pcm_native.c	ALSA: pcm: Change return type to vm_fault_t	2018-04-25 08:15:45 +02:00
pcm_param_trace.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
pcm_timer.c	ALSA: pcm: include pcm_local.h and remove some extraneous tabs	2017-05-30 18:04:47 +02:00
pcm_trace.h	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
pcm.c	ALSA: pcm: Fix UAF at PCM release via PCM timer access	2018-04-03 08:36:40 +02:00
rawmidi_compat.c	ALSA: rawmidi: Fix missing input substream checks in compat ioctls	2018-04-19 18:16:15 +02:00
rawmidi.c	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
seq_device.c	ALSA: seq: Cancel pending autoload work at unbinding device	2017-09-12 12:41:20 +02:00
sgbuf.c	ALSA: core: Deletion of unnecessary checks before two function calls	2014-11-21 20:06:57 +01:00
sound_oss.c	ALSA: core: Follow standard EXPORT_SYMBOL() declarations	2017-06-16 16:19:16 +02:00
sound.c	ALSA: core: Follow standard EXPORT_SYMBOL() declarations	2017-06-16 16:19:16 +02:00
timer_compat.c	ALSA: timer: Remove kernel warning at compat ioctl error paths	2017-11-21 16:36:11 +01:00
timer.c	vfs: do bulk POLL* -> EPOLL* replacement	2018-02-11 14:34:03 -08:00
vmaster.c	ALSA: vmaster: Zero-clear ctl before calling slave get	2018-03-08 08:41:13 +01:00