2019-09-08 12:47:18

by Dan Carpenter

Subject: [bug report] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds

Hello Masashi Honma,

The patch 1222a1601488: "nl80211: Fix possible Spectre-v1 for CQM
RSSI thresholds" from Sep 25, 2018, leads to the following static
checker warning:

net/wireless/nl80211.c:10820 cfg80211_cqm_rssi_update()
warn: disabling speculation after use: 'i'

net/wireless/nl80211.c
10804     last = wdev->cqm_config->last_rssi_event_value;
10805     hyst = wdev->cqm_config->rssi_hyst;
10806     n = wdev->cqm_config->n_rssi_thresholds;
10807
10808     for (i = 0; i < n; i++)
10809         if (last < wdev->cqm_config->rssi_thresholds[i])
                                           ^^^^^^^^^^^^^^^^^^
We've already used "i" as an index.

10810             break;
10811
10812     low_index = i - 1;
10813     if (low_index >= 0) {
10814         low_index = array_index_nospec(low_index, n);
                          ^^^^^^^^^^^^^^^^^^

10815         low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10816     } else {
10817         low = S32_MIN;
10818     }
10819     if (i < n) {
10820         i = array_index_nospec(i, n);
                  ^^^^^^^^^^^^^^^^^^
So this seems like closing the barn door after the horses have left.

10821         high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10822     } else {
10823         high = S32_MAX;
10824     }

regards,
dan carpenter


2019-09-08 12:55:49

by Masashi Honma

Subject: Re: [bug report] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds

On 2019/09/07 22:02, Dan Carpenter wrote:
> The patch 1222a1601488: "nl80211: Fix possible Spectre-v1 for CQM
> RSSI thresholds" from Sep 25, 2018, leads to the following static
> checker warning:
>
> net/wireless/nl80211.c:10820 cfg80211_cqm_rssi_update()
> warn: disabling speculation after use: 'i'

Thanks.

I will send a patch to prevent access to rssi_thresholds[n].

Regards,
Masashi Honma.
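
The ordering the checker warning is about, as an added example that is not part of the thread and is not code from either poster or from the kernel tree: a userspace C model of the same low/high computation in which every index is clamped immediately before the load that uses it, including the first use inside the loop. The names index_nospec, cqm_range and cqm_rssi_range are hypothetical, and index_nospec only models the branchless clamp of the kernel's generic array_index_nospec().

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model (hypothetical name) of the kernel's generic
 * array_index_nospec(): yields idx when idx < size and 0 otherwise, computed
 * without a conditional branch. The kernel helper additionally hides idx from
 * the optimizer. Assumes 0 < size <= SIZE_MAX / 2. */
static size_t index_nospec(size_t idx, size_t size)
{
	/* Top bit of (idx | (size - 1 - idx)) is clear only when idx < size. */
	size_t in_range = ~(idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);

	return idx & ((size_t)0 - in_range);	/* mask is all-ones or zero */
}

struct cqm_range { int32_t low, high; };	/* hypothetical result type */

/* Same low/high selection as the excerpt, but no load from thresholds[]
 * happens with an index that has not just been clamped. */
static struct cqm_range cqm_rssi_range(const int32_t *thresholds, size_t n,
				       int32_t last, int32_t hyst)
{
	struct cqm_range r = { INT32_MIN, INT32_MAX };
	size_t i;

	for (i = 0; i < n; i++) {
		i = index_nospec(i, n);		/* clamp before the first use */
		if (last < thresholds[i])
			break;
	}
	if (i > 0)				/* low_index = i - 1 >= 0 */
		r.low = thresholds[index_nospec(i - 1, n)] - hyst;
	if (i < n)				/* never reads thresholds[n] */
		r.high = thresholds[index_nospec(i, n)] + hyst - 1;
	return r;
}
```
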