lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 15 Jul 2013 10:11:12 -0600
From:	Toshi Kani <toshi.kani@...com>
To:	"Rafael J. Wysocki" <rjw@...k.pl>
Cc:	Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com>,
	linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ACPI / memhotplug: Fix a stale pointer in error path

On Sat, 2013-07-13 at 01:53 +0200, Rafael J. Wysocki wrote:
> On Friday, July 12, 2013 04:28:36 PM Toshi Kani wrote:
> > On Fri, 2013-07-12 at 23:40 +0200, Rafael J. Wysocki wrote:
> > > On Friday, July 12, 2013 03:12:24 PM Toshi Kani wrote:
> > > > On Fri, 2013-07-12 at 23:13 +0200, Rafael J. Wysocki wrote:
> > > > > On Friday, July 12, 2013 03:01:15 PM Toshi Kani wrote:
> > > > > > On Fri, 2013-07-12 at 22:42 +0200, Rafael J. Wysocki wrote:
> > > > > > > On Friday, July 12, 2013 08:51:29 AM Toshi Kani wrote:
> > > > > > > > On Fri, 2013-07-12 at 09:24 +0900, Yasuaki Ishimatsu wrote:
> > > > > > > > > (2013/07/11 1:47), Toshi Kani wrote:
> > > > > > > > > > device->driver_data needs to be cleared when releasing its data,
> > > > > > > > > > mem_device, in an error path of acpi_memory_device_add().
> > > > > > > > > > 
> > > > > > > > > > Signed-off-by: Toshi Kani <toshi.kani@...com>
> > > > > > > > > > ---
> > > > > > > > > 
> > > > > > > > > Reviewed-by: Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com>
> > > > > > > > 
> > > > > > > > Thanks Yasuaki!
> > > > > > > 
> > > > > > > Queued up as a fix for 3.11.
> > > > > > 
> > > > > > Thanks!
> > > > > > 
> > > > > > > Do we need that in -stable as well?
> > > > > > 
> > > > > > Good point.  Yes, we need that in -stable as well.
> > > > > 
> > > > > What's the oldest mainline major release that fix is applicable to?
> > > > 
> > > > The fix is applicable all ways up to 2.6.32.
> > > 
> > > For -stable I'll need to say some more about what practical consequences of
> > > the bug are.  Is it difficult to trigger?
> > 
> > The function evaluates _CRS of memory device objects, and fails when it
> > gets an unexpected resource or cannot allocate a memory.
> 
> OK, so this is essentially about surviving unexpected external input, which
> I suppose is serious enough.
>
> > A kernel crash
> > or data corruption may occur when the kernel accessed a stale pointer.
> > That said, I am not sure how critical this issue is for old kernels
> > since I do not think there are many platforms that support memory
> > hotplug today.
> 
> Which doesn't matter.  People may want to run 3.10.y on future hardware too.

Good point.  Thanks for the clarification!
-Toshi


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ