Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-21 Thread Gustavo A. R. Silva
On 05/17/2018 01:08 PM, Gustavo A. R. Silva wrote: BTW, Mauro, you sent a patch to fix a Spectre v1 issue in this file yesterday: dvb_ca_en50221.c:1480, but it seems there is another instance of the same issue some lines above: diff --git a/drivers/media/dvb-core/dvb_ca_en50221.c

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-17 Thread Gustavo A. R. Silva
On 05/17/2018 07:13 AM, Mauro Carvalho Chehab wrote: On Thu, 17 May 2018 08:43:24 -0300 Mauro Carvalho Chehab wrote: On 05/15/2018 02:39 PM, Dan Carpenter wrote: You'd need to rebuild the db (possibly twice but definitely once). How? Here, I just pull

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-17 Thread Mauro Carvalho Chehab
On Thu, 17 May 2018 08:43:24 -0300 Mauro Carvalho Chehab wrote: > > > > On 05/15/2018 02:39 PM, Dan Carpenter wrote: > > > > > >> You'd need to rebuild the db (possibly twice but definitely once). > > > > How? Here, I just pull from your git tree and do a

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-17 Thread Mauro Carvalho Chehab
On Thu, 17 May 2018 08:34:40 -0300 Mauro Carvalho Chehab wrote: > On Thu, 17 May 2018 05:36:03 -0500 > "Gustavo A. R. Silva" wrote: > > > > > > > On 05/16/2018 08:14 PM, Gustavo A. R. Silva wrote: > > > > > > > > > On 05/15/2018

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-17 Thread Mauro Carvalho Chehab
On Thu, 17 May 2018 05:36:03 -0500 "Gustavo A. R. Silva" wrote: > > > On 05/16/2018 08:14 PM, Gustavo A. R. Silva wrote: > > > > > > On 05/15/2018 02:39 PM, Dan Carpenter wrote: > >> You'd need to rebuild the db (possibly twice but definitely once). How? Here, I

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-17 Thread Gustavo A. R. Silva
On 05/16/2018 08:14 PM, Gustavo A. R. Silva wrote: On 05/15/2018 02:39 PM, Dan Carpenter wrote: Dan, These are all the Spectre media issues I see smatch is reporting in linux-next-20180515: drivers/media/cec/cec-pin-error-inj.c:170 cec_pin_error_inj_parse_line() warn: potential spectre

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-16 Thread Gustavo A. R. Silva
On 05/15/2018 02:39 PM, Dan Carpenter wrote: Dan, These are all the Spectre media issues I see smatch is reporting in linux-next-20180515: drivers/media/cec/cec-pin-error-inj.c:170 cec_pin_error_inj_parse_line() warn: potential spectre issue 'pin->error_inj_args'

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-16 Thread Mauro Carvalho Chehab
On Wed, 16 May 2018 16:11:08 +0300 Dan Carpenter wrote: > On Tue, May 15, 2018 at 04:00:33PM -0300, Mauro Carvalho Chehab wrote: > > Yeah, that's the same I'm getting from media upstream. > > > > > drivers/media/cec/cec-pin-error-inj.c:170

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-16 Thread Dan Carpenter
On Tue, May 15, 2018 at 04:00:33PM -0300, Mauro Carvalho Chehab wrote: > Yeah, that's the same I'm getting from media upstream. > > > drivers/media/cec/cec-pin-error-inj.c:170 cec_pin_error_inj_parse_line() > > warn: potential spectre issue 'pin->error_inj_args' > > This one seems a false

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-15 Thread Dan Carpenter
On Tue, May 15, 2018 at 12:29:10PM -0500, Gustavo A. R. Silva wrote: > > > On 05/15/2018 09:16 AM, Dan Carpenter wrote: > > > > > > > > I'm curious about how you finally resolved to handle these issues. > > > > > > > > I noticed Smatch is no longer reporting them. > > > > > > There was no

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-15 Thread Mauro Carvalho Chehab
On Tue, 15 May 2018 12:29:10 -0500 "Gustavo A. R. Silva" wrote: > On 05/15/2018 09:16 AM, Dan Carpenter wrote: > >>> > >>> I'm curious about how you finally resolved to handle these issues. > >>> > >>> I noticed Smatch is no longer reporting them. > >> > >> There was

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-15 Thread Gustavo A. R. Silva
On 05/15/2018 09:16 AM, Dan Carpenter wrote: I'm curious about how you finally resolved to handle these issues. I noticed Smatch is no longer reporting them. There was no direct fix for it, but maybe this patch has something to do with the smatch error report cleanup: commit

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-15 Thread Dan Carpenter
On Tue, May 15, 2018 at 08:59:53AM -0300, Mauro Carvalho Chehab wrote: > On Mon, 14 May 2018 22:31:37 -0500 > "Gustavo A. R. Silva" wrote: > > > Hi Mauro, > > > > On 04/26/2018 06:42 PM, Mauro Carvalho Chehab wrote: > > > > >> > > >> I noticed you changed the status

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-15 Thread Mauro Carvalho Chehab
On Mon, 14 May 2018 22:31:37 -0500 "Gustavo A. R. Silva" wrote: > Hi Mauro, > > On 04/26/2018 06:42 PM, Mauro Carvalho Chehab wrote: > > >> > >> I noticed you changed the status of this series from rejected to new. > > > > Yes. > > > >> Also, there are other

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-05-14 Thread Gustavo A. R. Silva
Hi Mauro, On 04/26/2018 06:42 PM, Mauro Carvalho Chehab wrote: I noticed you changed the status of this series from rejected to new. Yes. Also, there are other similar issues in media/pci/ Well, the issues will be there everywhere on all media drivers. I marked your patches because I

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-26 Thread Mauro Carvalho Chehab
On Thu, 26 Apr 2018 16:41:56 -0500 "Gustavo A. R. Silva" wrote: > Hi Mauro, > > On 04/23/2018 02:17 PM, Mauro Carvalho Chehab wrote: > > On Mon, 23 Apr 2018 14:11:02 -0500 > > > > Thanks, I'll mark this series as rejected at patchwork.linuxtv.org. > > Please feel

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-26 Thread Gustavo A. R. Silva
Hi Mauro, On 04/23/2018 02:17 PM, Mauro Carvalho Chehab wrote: On Mon, 23 Apr 2018 14:11:02 -0500 Thanks, I'll mark this series as rejected at patchwork.linuxtv.org. Please feel free to resubmit any patch if they represent a real threat, adding a corresponding description about the threat

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-24 Thread Peter Zijlstra
On Tue, Apr 24, 2018 at 02:47:55PM -0300, Mauro Carvalho Chehab wrote: > So, I'm wondering if there is any way to mitigate it inside the > core itself, instead of doing it on every driver, e.g. changing > v4l_enum_fmt() implementation at v4l2-ioctl. > > Ok, a "poor man" approach would be to

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-24 Thread Mauro Carvalho Chehab
On Tue, 24 Apr 2018 12:36:09 +0200 Peter Zijlstra wrote: > On Tue, Apr 24, 2018 at 12:35:00PM +0300, Dan Carpenter wrote: > > On Mon, Apr 23, 2018 at 03:24:55PM -0300, Mauro Carvalho Chehab wrote: > > > On Mon, 23 Apr 2018 12:38:03 -0500 > > > "Gustavo A. R. Silva"

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-24 Thread Peter Zijlstra
On Tue, Apr 24, 2018 at 12:36:09PM +0200, Peter Zijlstra wrote: > > Then userspace probes which part of the descr[] array is now in cache and > from that it can infer the initial out-of-bound value. Just had a better look at v4l_fill_fmtdesc() and actually read the comment. The code cannot be

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-24 Thread Peter Zijlstra
On Tue, Apr 24, 2018 at 12:35:00PM +0300, Dan Carpenter wrote: > On Mon, Apr 23, 2018 at 03:24:55PM -0300, Mauro Carvalho Chehab wrote: > > On Mon, 23 Apr 2018 12:38:03 -0500 > > "Gustavo A. R. Silva" wrote: > > > @@ -875,6 +876,7 @@ static int

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-24 Thread Mauro Carvalho Chehab
Hi Dan, On Tue, 24 Apr 2018 12:35:00 +0300 Dan Carpenter wrote: > Hi Mauro, > > I saw your comment on LWN. You argue on LWN that since the format array > is static the CPU won't speculatively read past the L1 cache? The intent of that comment is to be

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-24 Thread Dan Carpenter
Hi Mauro, I saw your comment on LWN. You argue on LWN that since the format array is static the CPU won't speculatively read past the L1 cache? I don't know if that's true. It should be easy enough to filter out the reads into static arrays. Peter do you know the answer here? regards, dan

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-23 Thread Gustavo A. R. Silva
On 04/23/2018 02:17 PM, Mauro Carvalho Chehab wrote: On Mon, 23 Apr 2018 14:11:02 -0500 "Gustavo A. R. Silva" wrote: On 04/23/2018 01:24 PM, Mauro Carvalho Chehab wrote: On Mon, 23 Apr 2018 12:38:03 -0500 "Gustavo A. R. Silva" wrote:

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-23 Thread Mauro Carvalho Chehab
On Mon, 23 Apr 2018 14:11:02 -0500 "Gustavo A. R. Silva" wrote: > On 04/23/2018 01:24 PM, Mauro Carvalho Chehab wrote: > > On Mon, 23 Apr 2018 12:38:03 -0500 > > "Gustavo A. R. Silva" wrote: > > > >> f->index can be controlled by

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-23 Thread Gustavo A. R. Silva
On 04/23/2018 01:24 PM, Mauro Carvalho Chehab wrote: On Mon, 23 Apr 2018 12:38:03 -0500 "Gustavo A. R. Silva" wrote: f->index can be controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. Smatch warning:

Re: [PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-23 Thread Mauro Carvalho Chehab
On Mon, 23 Apr 2018 12:38:03 -0500 "Gustavo A. R. Silva" wrote: > f->index can be controlled by user-space, hence leading to a > potential exploitation of the Spectre variant 1 vulnerability. > > Smatch warning: > drivers/media/usb/tm6000/tm6000-video.c:879

[PATCH 01/11] media: tm6000: fix potential Spectre variant 1

2018-04-23 Thread Gustavo A. R. Silva
f->index can be controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. Smatch warning: drivers/media/usb/tm6000/tm6000-video.c:879 vidioc_enum_fmt_vid_cap() warn: potential spectre issue 'format' Fix this by sanitizing f->index before using