lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Jan 2019 11:28:37 -0600
From:   Corey Minyard <minyard@....org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel <linux-kernel@...r.kernel.org>,
        "openipmi-developer@...ts.sourceforge.net" 
        <openipmi-developer@...ts.sourceforge.net>
Subject: [GIT PULL] IPMI serious bugfixes for 5.0

The following changes since commit 7b55851367136b1efd84d98fea81ba57a98304cf:

   fork: record start_time late (2019-01-08 09:40:53 -0800)

are available in the Git repository at:

   https://github.com/cminyard/linux-ipmi.git tags/for-linus-5.0

for you to fetch changes up to 913a89f009d98c85a902d718cd54bb32ab11d167:

   ipmi: Don't initialize anything in the core until something uses it 
(2019-01-23 11:09:32 -0600)

----------------------------------------------------------------
I missed the merge window, which wasn't really important at the time
as there was nothing that critical that I had for 5.0.

However, I say that,and then a number of critical fixes come in:

   ipmi: fix use-after-free of user->release_barrier.rda
   ipmi: Prevent use-after-free in deliver_response
   ipmi: msghandler: Fix potential Spectre v1 vulnerabilities

which are obvious candidates for 5.0.  Then there is:

   ipmi:ssif: Fix handling of multi-part return messages

which is less critical, but it still has some off-by-one things that
are not great, so it seemed appropriate.  Some machines are broken
without it.  Then:

   ipmi: Don't initialize anything in the core until something uses it

It turns out that using SRCU causes large chunks of memory to be used
on big iron machines, even if IPMI is never used.  This was causing
some issues for people on those machines.

Everything here is destined for stable.

----------------------------------------------------------------
Corey Minyard (2):
       ipmi:ssif: Fix handling of multi-part return messages
       ipmi: Don't initialize anything in the core until something uses it

Fred Klassen (1):
       ipmi: Prevent use-after-free in deliver_response

Gustavo A. R. Silva (1):
       ipmi: msghandler: Fix potential Spectre v1 vulnerabilities

Yang Yingliang (1):
       ipmi: fix use-after-free of user->release_barrier.rda

  drivers/char/ipmi/ipmi_msghandler.c | 173 
+++++++++++++++++++++---------------
  drivers/char/ipmi/ipmi_ssif.c       |  25 ++++--
  2 files changed, 117 insertions(+), 81 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ