lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <720fa15b9c6840e79452186ccbdd50ce@ausx13mpc120.AMER.DELL.COM>
Date:   Thu, 5 Oct 2017 15:02:25 +0000
From:   <Mario.Limonciello@...l.com>
To:     <andy.shevchenko@...il.com>
CC:     <dvhart@...radead.org>, <linux-kernel@...r.kernel.org>,
        <platform-driver-x86@...r.kernel.org>, <luto@...nel.org>,
        <quasisec@...gle.com>, <pali.rohar@...il.com>, <rjw@...ysocki.net>,
        <mjg59@...gle.com>, <hch@....de>, <greg@...ah.com>
Subject: RE: [PATCH v4 04/14] platform/x86: dell-wmi: increase severity of
 some failures

> -----Original Message-----
> From: Andy Shevchenko [mailto:andy.shevchenko@...il.com]
> Sent: Thursday, October 5, 2017 12:21 AM
> To: Limonciello, Mario <Mario_Limonciello@...l.com>
> Cc: dvhart@...radead.org; LKML <linux-kernel@...r.kernel.org>; Platform Driver
> <platform-driver-x86@...r.kernel.org>; Andy Lutomirski <luto@...nel.org>;
> quasisec@...gle.com; Pali Rohár <pali.rohar@...il.com>; Rafael J. Wysocki
> <rjw@...ysocki.net>; mjg59@...gle.com; Christoph Hellwig <hch@....de>;
> Greg KH <greg@...ah.com>
> Subject: Re: [PATCH v4 04/14] platform/x86: dell-wmi: increase severity of some
> failures
> 
> On Thu, Oct 5, 2017 at 1:48 AM, Mario Limonciello
> <mario.limonciello@...l.com> wrote:
> > There is a lot of error checking in place for the format of the WMI
> > descriptor buffer, but some of the potentially raised issues should
> > be considered critical failures.
> >
> > If the buffer size or header don't match, this is a good indication
> > that the buffer format changed in a way that the rest of the data
> > should not be relied upon.
> >
> > For the remaining data set vectors, continue to notate a warning
> > in undefined results, but as those are fields that the descriptor
> > intended to refer to other applications, don't fail if they're new
> > values.
> 
> > -       if (strncmp(obj->string.pointer, "DELL WMI", 8) != 0)
> > -               dev_warn(&wdev->dev, "Dell descriptor buffer has invalid signature
> (%8ph)\n",
> > +       if (strncmp(obj->string.pointer, "DELL WMI", 8) != 0) {
> > +               dev_err(&wdev->dev, "Dell descriptor buffer has invalid signature
> (%8ph)\n",
> 
> A nit: ping-pong programming detected.
> Looks like current patch 2 should go at least after this one.
> 
> 
> --

I'll re-order them, but either way both patches are touching these lines in some
way.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ