Date:	Sun, 24 Nov 2013 09:23:59 +0000
From:	Michele Baldessari <michele@...syn.org>
To:	Henrik Rydberg <rydberg@...omail.se>
Cc:	<jwboyer@...oraproject.org>, Guenter Roeck <linux@...ck-us.net>,
	linux-kernel@...r.kernel.org, lm-sensors@...sensors.org,
	bugzilla@...orremedies.com
Subject: small regression: hwmon: (applesmc) Check key count before
 proceeding - 5f4513864304672e6ea9eac60583eeac32e679f2

Hi Henrik & Guenter,

via commit 5f4513864304672e6ea9eac60583eeac32e679f2 the following
code was added:
diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
index 62c2e32..98814d1 100644
--- a/drivers/hwmon/applesmc.c
+++ b/drivers/hwmon/applesmc.c
@@ -525,16 +525,25 @@ static int applesmc_init_smcreg_try(void)
 {
        struct applesmc_registers *s = &smcreg;
        bool left_light_sensor, right_light_sensor;
+       unsigned int count;
        u8 tmp[1];
        int ret;
 
        if (s->init_complete)
                return 0;
 
-       ret = read_register_count(&s->key_count);
+       ret = read_register_count(&count);
        if (ret)
                return ret;
 
+       if (s->cache && s->key_count != count) {
+               pr_warn("key count changed from %d to %d\n",
+                       s->key_count, count);
+               kfree(s->cache);
+               s->cache = NULL;
+       }
+       s->key_count = count;
+
        if (!s->cache)
                s->cache = kcalloc(s->key_count, sizeof(*s->cache),
GFP_KERNEL); if (!s->cache)
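
Review bot: `count` comes straight from read_register_count() and is then stored in `s->key_count` and used as the kcalloc() element count with no range check, so a bogus reading both discards a valid cache and requests an allocation sized by that reading. Validate `count` against a sane upper bound (and reject zero) before the `if (s->cache && s->key_count != count)` block, and return an error when the check fails so the existing cache and key count stay in place. Separately, `count` is declared `unsigned int`, so the pr_warn() conversion for it should be `%u` rather than `%d`.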

The issue Chris has seen in Fedora on one MacBookPro4,1
(https://bugzilla.redhat.com/show_bug.cgi?id=1033414) is that this
machine returns a huge number from read_register_count() so now we will
try to allocate an insane amount of memory and we will barf:
[    8.603053] applesmc: key count changed from 261 to 1392508929

Dmidecode for this box is here:
https://bugzilla.redhat.com/attachment.cgi?id=828118

Do we need to special case this specific machine/smc version or should
we limit the kcalloc() call to a somewhat sane limit? Other thoughts?

Thanks,
Michele
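
One way to apply the "sane limit" option raised in the message above, as an added user-space C model that is not part of the original post or of the applesmc driver. `KEY_COUNT_MAX`, `struct smc_state` and `smc_update_key_count()` are hypothetical names, and the 4096 ceiling is an assumed value, not one taken from the hardware or the driver.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed ceiling for a plausible key count; not a value from the driver. */
#define KEY_COUNT_MAX 4096u

struct entry { char key[5]; unsigned char len; };   /* stand-in cache entry */

struct smc_state {
    unsigned int key_count;
    struct entry *cache;
};

/*
 * User-space model of the count handling in the quoted hunk, with a range
 * check added before the device-reported value reaches the allocator.
 * 'reported' stands in for the result of read_register_count().
 */
int smc_update_key_count(struct smc_state *s, unsigned int reported)
{
    if (reported == 0 || reported > KEY_COUNT_MAX) {
        fprintf(stderr, "implausible key count %u, keeping %u\n",
                reported, s->key_count);
        return -EIO;            /* state untouched; caller may retry */
    }
    if (s->cache && s->key_count != reported) {
        free(s->cache);         /* cache was sized for the old count */
        s->cache = NULL;
    }
    s->key_count = reported;
    if (!s->cache)
        s->cache = calloc(s->key_count, sizeof(*s->cache));
    return s->cache ? 0 : -ENOMEM;
}

int main(void)
{
    struct smc_state s = { 0, NULL };
    /* Constructed sequence; 261 and 1392508929 are the values in the log line above. */
    unsigned int seq[] = { 261, 1392508929u, 262 };
    for (size_t i = 0; i < sizeof(seq) / sizeof(seq[0]); i++) {
        int ret = smc_update_key_count(&s, seq[i]);
        printf("reported=%u ret=%d key_count=%u\n", seq[i], ret, s.key_count);
    }
    free(s.cache);
    return 0;
}
```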