| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPcyv4iiZS_zfroRtmS-zD-cCDj1yQonBsWM23utR9m9kiBizA@mail.gmail.com>
Date: Tue, 19 Feb 2019 18:58:23 -0800
From: Dan Williams <dan.j.williams@...el.com>
To: Jeff Moyer <jmoyer@...hat.com>
Cc: linux-nvdimm <linux-nvdimm@...ts.01.org>,
Vishal Verma <vishal.verma@...el.com>,
stable <stable@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] acpi/nfit: Fix bus command validation
On Tue, Feb 19, 2019 at 5:57 PM Jeff Moyer <jmoyer@...hat.com> wrote:
>
> Dan Williams <dan.j.williams@...el.com> writes:
>
> > Commit 11189c1089da "acpi/nfit: Fix command-supported detection" broke
> > ND_CMD_CALL for bus-level commands. The "func = cmd" assumption is only
> > valid for:
> >
> > ND_CMD_ARS_CAP
> > ND_CMD_ARS_START
> > ND_CMD_ARS_STATUS
> > ND_CMD_CLEAR_ERROR
> >
> > The function number otherwise needs to be pulled from the command
> > payload for:
> >
> > NFIT_CMD_TRANSLATE_SPA
> > NFIT_CMD_ARS_INJECT_SET
> > NFIT_CMD_ARS_INJECT_CLEAR
> > NFIT_CMD_ARS_INJECT_GET
> >
> > Update cmd_to_func() for the bus case and call it in the common path.
> >
> > Fixes: 11189c1089da ("acpi/nfit: Fix command-supported detection")
> > Cc: <stable@...r.kernel.org>
> > Cc: Vishal Verma <vishal.verma@...el.com>
> > Reported-by: Grzegorz Burzynski <grzegorz.burzynski@...el.com>
> > Signed-off-by: Dan Williams <dan.j.williams@...el.com>
>
> Tricky code path, eh?
ioctl path, number one source of bugs / thrash in this subsystem. 2nd
place, ARS.
> Tested-by: Jeff Moyer <jmoyer@...hat.com>
Thanks.
Powered by blists - more mailing lists