linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [bug report] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
@ 2019-09-07 13:02 Dan Carpenter
  2019-09-08  0:55 ` Masashi Honma
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2019-09-07 13:02 UTC (permalink / raw)
  To: masashi.honma; +Cc: linux-wireless

Hello Masashi Honma,

The patch 1222a1601488: "nl80211: Fix possible Spectre-v1 for CQM
RSSI thresholds" from Sep 25, 2018, leads to the following static
checker warning:

	net/wireless/nl80211.c:10820 cfg80211_cqm_rssi_update()
	warn: disabling speculation after use: 'i'

net/wireless/nl80211.c
 10804          last = wdev->cqm_config->last_rssi_event_value;
 10805          hyst = wdev->cqm_config->rssi_hyst;
 10806          n = wdev->cqm_config->n_rssi_thresholds;
 10807  
 10808          for (i = 0; i < n; i++)
 10809                  if (last < wdev->cqm_config->rssi_thresholds[i])
                                                     ^^^^^^^^^^^^^^^^^^
We've already used "i" as an index.

 10810                          break;
 10811  
 10812          low_index = i - 1;
 10813          if (low_index >= 0) {
 10814                  low_index = array_index_nospec(low_index, n);
                                    ^^^^^^^^^^^^^^^^^^

 10815                  low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
 10816          } else {
 10817                  low = S32_MIN;
 10818          }
 10819          if (i < n) {
 10820                  i = array_index_nospec(i, n);
                            ^^^^^^^^^^^^^^^^^^
So this seems like closing the barn door after the horses have left.

 10821                  high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
 10822          } else {
 10823                  high = S32_MAX;
 10824          }

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [bug report] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
  2019-09-07 13:02 [bug report] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds Dan Carpenter
@ 2019-09-08  0:55 ` Masashi Honma
  0 siblings, 0 replies; 2+ messages in thread
From: Masashi Honma @ 2019-09-08  0:55 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-wireless

On 2019/09/07 22:02, Dan Carpenter wrote:
> The patch 1222a1601488: "nl80211: Fix possible Spectre-v1 for CQM
> RSSI thresholds" from Sep 25, 2018, leads to the following static
> checker warning:
> 
> 	net/wireless/nl80211.c:10820 cfg80211_cqm_rssi_update()
> 	warn: disabling speculation after use: 'i'

Thanks.

I will send a patch to prevent accessing to rssi_thresholds[n].

Regards,
Masashi Honma.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-09-08  0:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-07 13:02 [bug report] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds Dan Carpenter
2019-09-08  0:55 ` Masashi Honma

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).