| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Aug 2008 09:02:34 -0500 From: "Langsdorf, Mark" <mark.langsdorf@....com> To: "Pavel Machek" <pavel@...e.cz> CC: "Greg KH" <greg@...ah.com>, "Deguara, Joachim" <joachim.deguara@....com>, <gregkh@....cz>, <tglx@...utronix.de>, <mingo@...hat.com>, <hpa@...or.com>, <linux-kernel@...r.kernel.org> Subject: RE: [PATCH 01/01][retry 3] x86: L3 cache index disable for 2.6.26 > > + > > + ret = sscanf(buf, "%x", &val); > > + if (ret != 1) > > + return -EINVAL; > > Is it okay to strlen() on user-supplied data? Do they have to be > null-terminated? What about sscanf? The strlen can go - it's no longer necessary. If sscanf isn't safe in this context, there's a lot of code in drivers/cpufreq/cpufreq.c that I cribbed from that needs to be changed, too. > > + val |= 0xc0000000; > > + pci_write_config_dword(dev, 0x1BC + index * 4, val > & ~0x40000000); > > + wbinvd(); > > + pci_write_config_dword(dev, 0x1BC + index * 4, val); > > Should it do if capable() test before doing such stuff? I don't think so. If it got this far, it is an AMD processor from family 0x10 or later, so it has wbinvd(). -Mark Langsdorf Operating System Research Center AMD -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists