lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c8d62037-4a26-e18b-51a3-73fc99e76e5b@schoebel-theuer.de>
Date:   Fri, 14 Dec 2018 22:27:25 +0100
From:   Thomas Schoebel-Theuer <tst@...oebel-theuer.de>
To:     Borislav Petkov <bp@...en8.de>
Cc:     linux-kernel@...r.kernel.org, Laura Abbott <labbott@...hat.com>,
        "Rafael J. Wysocki" <rjw@...ysocki.net>,
        Len Brown <lenb@...nel.org>, Tony Luck <tony.luck@...el.com>,
        linux-acpi@...r.kernel.org
Subject: Re: [PATCH] acpi / apei: fix NULL deref during init

On 12/14/18 21:24, Borislav Petkov wrote:
>
> Because apei_resources_fini() happens under the same condition check and
> if arch_apei_filter_addr was false, it should not become true, all of a
> sudden. Or?

Hi Borislav,

please take a look at the stacktrace. For some reason, and only at that 
specific hardware, the condition is false, there but later the indicated 
error exit is taken whose message you can see immediately before the 
stack trace.

So this should documents the one observed case where the NULL deref is 
actually happening.

Of course, it would be possible to develop another solution, but this 
one appears the simplest and safest to me (minimum changes to the logic).

I have tested the patch on that specifc hardware: I have verified that 
the patch does not trigger the NULL deref anymore.

Of course, on any other hardware we have tested, the bug did not trigger 
at all.

If you don't have that specific hardware, you probably cannot easily 
trigger / verify the problem.

If you need access to the specfic hardware, talk to me in a private 
conversation.

Cheers,

Thomas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ