linux-stable/drivers/media/dvb-core
Mauro Carvalho Chehab 60f0618d15 media: dvb-core: frontend: make GET/SET safer
The implementation for FE_SET_PROPERTY/FE_GET_PROPERTY has
a debug code that might be explored via spectre.
Improve the logic in order to mitigate such risk.

It should be noticed that, before this patch, the logic
which implements FE_GET_PROPERTY doesn't check the length passed
by the user, which might lead to expose some information. This
is probably not exploitable, though, as the frontend drivers
won't rely on the buffer length value set by userspace, but
it helps to return a valid value back to userspace.

The code was changed to only try to access an array based on
userspace values only when DVB debug is turned on, helping to
reduce the attack surface, as a speculation attack would work
only if DVB dev_dbg() macros are enabled, which is usually
enabled only on test Kernels or by the root user.

As a side effect, a const array size can now be reduced by
~570 bytes, as it now needs to contain just the name of each
DTV command.

Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
2021-06-17 09:29:11 +02:00
..
dmxdev.c media: dmxdev: change the check for problems allocing secfeed 2021-06-09 14:45:20 +02:00
dvb_ca_en50221.c media: dvb_ca_en50221: avoid speculation from CA slot 2021-06-17 09:24:10 +02:00
dvb_demux.c
dvb_frontend.c media: dvb-core: frontend: make GET/SET safer 2021-06-17 09:29:11 +02:00
dvb_math.c
dvb_net.c media: dvb_net: avoid speculation from net slot 2021-06-17 09:25:01 +02:00
dvb_ringbuffer.c
dvb_vb2.c media: media/v4l2: remove V4L2_FLAG_MEMORY_NON_CONSISTENT flag 2020-09-14 15:28:06 +02:00
dvbdev.c media: dvbdev: fix error logic at dvb_register_device() 2021-06-17 09:25:31 +02:00
Kconfig media: Kconfig: move DVB-specific options to dvb-core/Kconfig 2020-04-14 10:29:05 +02:00
Makefile