diff options
author | Mauro Carvalho Chehab <mchehab+huawei@kernel.org> | 2021-06-14 10:43:24 +0200 |
---|---|---|
committer | Mauro Carvalho Chehab <mchehab+huawei@kernel.org> | 2021-06-17 09:29:11 +0200 |
commit | 60f0618d157b8c8bf1d09d4a6e10070a0b580160 (patch) | |
tree | ada0cd13090ac6ab34420f075e2325bcbb0e8d85 /mm/process_vm_access.c | |
parent | dba328bab4c6fa4ec1ed3be616f7196865f2ce41 (diff) |
media: dvb-core: frontend: make GET/SET safer
The implementation for FE_SET_PROPERTY/FE_GET_PROPERTY has
a debug code that might be explored via spectre.
Improve the logic in order to mitigate such risk.
It should be noticed that, before this patch, the logic
which implements FE_GET_PROPERTY doesn't check the length passed
by the user, which might lead to expose some information. This
is probably not exploitable, though, as the frontend drivers
won't rely on the buffer length value set by userspace, but
it helps to return a valid value back to userspace.
The code was changed to only try to access an array based on
userspace values only when DVB debug is turned on, helping to
reduce the attack surface, as a speculation attack would work
only if DVB dev_dbg() macros are enabled, which is usually
enabled only on test Kernels or by the root user.
As a side effect, a const array size can now be reduced by
~570 bytes, as it now needs to contain just the name of each
DTV command.
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Diffstat (limited to 'mm/process_vm_access.c')
0 files changed, 0 insertions, 0 deletions