sound/usb/mixer_scarlett2.c:4972 scarlett2_ioctl_select_flash_segment() warn: potential spectre issue 'private->flash_segment_nums' [r] (local cap)
From: Dan Carpenter
Date: Mon Nov 11 2024 - 04:20:17 EST
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: de2f378f2b771b39594c04695feee86476743a69
commit: 6a7508e64ee3e8320c886020bcdcd70f7fcbff2c ALSA: scarlett2: Add ioctl commands to erase flash segments
date: 11 months ago
config: x86_64-randconfig-161-20241110 (https://download.01.org/0day-ci/archive/20241110/202411101058.RkdgFPCg-lkp@xxxxxxxxx/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
| Closes: https://lore.kernel.org/r/202411101058.RkdgFPCg-lkp@xxxxxxxxx/
smatch warnings:
sound/usb/mixer_scarlett2.c:4972 scarlett2_ioctl_select_flash_segment() warn: potential spectre issue 'private->flash_segment_nums' [r] (local cap)
sound/usb/mixer_scarlett2.c:4973 scarlett2_ioctl_select_flash_segment() warn: possible spectre second half. 'segment_num'
vim +4972 sound/usb/mixer_scarlett2.c
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4957 /* Select a flash segment for erasing (and possibly writing to) */
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4958 static int scarlett2_ioctl_select_flash_segment(
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4959 struct usb_mixer_interface *mixer,
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4960 unsigned long arg)
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4961 {
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4962 struct scarlett2_data *private = mixer->private_data;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4963 int segment_id, segment_num;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4964
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4965 if (get_user(segment_id, (int __user *)arg))
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4966 return -EFAULT;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4967
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4968 /* Check the segment ID and segment number */
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4969 if (segment_id < 0 || segment_id >= SCARLETT2_SEGMENT_ID_COUNT)
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4970 return -EINVAL;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4971
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 @4972 segment_num = private->flash_segment_nums[segment_id];
I suspect this does need an array_index_nospec().
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 @4973 if (segment_num < SCARLETT2_SEGMENT_NUM_MIN ||
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4974 segment_num > SCARLETT2_SEGMENT_NUM_MAX) {
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4975 usb_audio_err(mixer->chip,
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4976 "%s: invalid segment number %d\n",
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4977 __func__, segment_id);
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4978 return -EFAULT;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4979 }
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4980
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4981 /* If erasing, wait for it to complete */
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4982 if (private->flash_write_state == SCARLETT2_FLASH_WRITE_STATE_ERASING) {
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4983 int err = scarlett2_wait_for_erase(mixer);
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4984
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4985 if (err < 0)
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4986 return err;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4987 }
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4988
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4989 /* Save the selected segment ID and set the state to SELECTED */
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4990 private->selected_flash_segment_id = segment_id;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4991 private->flash_write_state = SCARLETT2_FLASH_WRITE_STATE_SELECTED;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4992
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4993 return 0;
6a7508e64ee3e8 Geoffrey D. Bennett 2023-12-20 4994 }
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki