* [bug report] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
From: Dan Carpenter @ 2019-09-07 13:02 UTC (permalink / raw)
To: masashi.honma; +Cc: linux-wireless
Hello Masashi Honma,
The patch 1222a1601488: "nl80211: Fix possible Spectre-v1 for CQM
RSSI thresholds" from Sep 25, 2018, leads to the following static
checker warning:

	net/wireless/nl80211.c:10820 cfg80211_cqm_rssi_update()
	warn: disabling speculation after use: 'i'

net/wireless/nl80211.c
10804          last = wdev->cqm_config->last_rssi_event_value;
10805          hyst = wdev->cqm_config->rssi_hyst;
10806          n = wdev->cqm_config->n_rssi_thresholds;
10807
10808          for (i = 0; i < n; i++)
10809                  if (last < wdev->cqm_config->rssi_thresholds[i])
                                                    ^^^^^^^^^^^^^^^^^^
We've already used "i" as an index.

10810                          break;
10811
10812          low_index = i - 1;
10813          if (low_index >= 0) {
10814                  low_index = array_index_nospec(low_index, n);
                                   ^^^^^^^^^^^^^^^^^^
10815                  low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10816          } else {
10817                  low = S32_MIN;
10818          }
10819          if (i < n) {
10820                  i = array_index_nospec(i, n);
                           ^^^^^^^^^^^^^^^^^^
So this seems like closing the barn door after the horses have left.

10821                  high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10822          } else {
10823                  high = S32_MAX;
10824          }

regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
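
Added example, not part of the thread or the kernel source: a user-space C model of the ordering the checker warning asks for, with the index clamped before its first use inside the search loop as well as after it. index_nospec(), rssi_range_for() and the sample thresholds are assumptions made for illustration; index_nospec() mimics the kernel's generic mask-based array_index_nospec().

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in (assumption) for the kernel's array_index_nospec():
 * returns idx when idx < size and 0 otherwise, computed without a branch so
 * a mispredicted bounds check cannot forward an out-of-range index.
 * Relies on arithmetic right shift of negative values (gcc/clang). */
static unsigned long index_nospec(unsigned long idx, unsigned long size)
{
	long mask = ~(long)(idx | (size - 1UL - idx)) >>
		    (sizeof(long) * CHAR_BIT - 1);
	return idx & (unsigned long)mask;
}

struct rssi_range { int32_t low, high; };

/* Hypothetical model of the range computation in the quoted excerpt. */
static struct rssi_range rssi_range_for(const int32_t *thresholds,
					unsigned long n, int32_t last, int32_t hyst)
{
	struct rssi_range r = { INT32_MIN, INT32_MAX };
	unsigned long i;

	for (i = 0; i < n; i++) {
		/* Clamp at the first dereference; clamping only after the
		 * loop leaves this load reachable with an unclamped index. */
		if (last < thresholds[index_nospec(i, n)])
			break;
	}
	if (i > 0)
		r.low = thresholds[index_nospec(i - 1, n)] - hyst;
	if (i < n)
		r.high = thresholds[index_nospec(i, n)] + hyst - 1;
	return r;
}

int main(void)
{
	/* Constructed sample thresholds, ascending, in dBm. */
	const int32_t t[] = { -90, -80, -70, -60 };
	struct rssi_range r = rssi_range_for(t, 4, -75, 2);

	printf("low=%d high=%d\n", (int)r.low, (int)r.high);
	return 0;
}
```
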
* Re: [bug report] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
From: Masashi Honma @ 2019-09-08 0:55 UTC (permalink / raw)
To: Dan Carpenter; +Cc: linux-wireless
On 2019/09/07 22:02, Dan Carpenter wrote:
> The patch 1222a1601488: "nl80211: Fix possible Spectre-v1 for CQM
> RSSI thresholds" from Sep 25, 2018, leads to the following static
> checker warning:
>
> net/wireless/nl80211.c:10820 cfg80211_cqm_rssi_update()
> warn: disabling speculation after use: 'i'
Thanks.
I will send a patch to prevent access to rssi_thresholds[n].
Regards,
Masashi Honma.
^ permalink raw reply [flat|nested] 2+ messages in thread