lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 3 Dec 2018 12:19:10 +0800
From:   Chao Fan <fanc.fnst@...fujitsu.com>
To:     Masayoshi Mizuma <msys.mizuma@...il.com>
CC:     <linux-kernel@...r.kernel.org>, <x86@...nel.org>, <bp@...en8.de>,
        <tglx@...utronix.de>, <mingo@...hat.com>, <hpa@...or.com>,
        <keescook@...omium.org>, <bhe@...hat.com>,
        <indou.takao@...fujitsu.com>, <caoj.fnst@...fujitsu.com>
Subject: Re: [PATCH v12 4/5] x86/boot: Parse SRAT table from RSDP and store
 immovable memory

On Fri, Nov 30, 2018 at 09:54:33AM -0500, Masayoshi Mizuma wrote:
>On Fri, Nov 30, 2018 at 09:24:54AM +0800, Chao Fan wrote:
>> >>  /* acpitb.c */
>> >> +#ifdef CONFIG_RANDOMIZE_BASE
>> >> +/* Store the amount of immovable memory regions */
>> >> +int num_immovable_mem;
>> >> +#endif
>> >> +
>> >> +#ifdef CONFIG_EARLY_PARSE_RSDP
>> >> +void get_immovable_mem(void);
>> >
>> >> +/* There are 72 kinds of ACPI_SIG in head file of ACPI. */
>> >> +#define MAX_ACPI_SIG	72
>> >
>> >The 72 isn't the specification of ACPI, right? So the number
>> 
>> Yes, it's from  ACPI code, include/acpi/actbl*h.
>> Boris said there should be a check for the num_entries,
>> I didn't get a good idea, so I use the max number to check it.
>> So do you have some advice?
>
>Ah, got it. How about adding the check for len to prevent the wrap?
>Like as:
>
>	len = header->length;
>	if (len <= sizeof(struct acpi_table_header))
>		return NULL;
> 	num_entries = (u32)((len - sizeof(struct acpi_table_header)) / size);

Hi Masa,

Your check is right, but not exactly the same.
I think what Boris said is to prevent num_entries from getting too large
and the loop getting too much.
So the 'num_entries' or 'len' can't be more than a fixed value.

Thanks,
Chao Fan

>
>Thanks,
>Masa
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ