| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Apr 2019 16:05:05 +0800
From: WANG Chao <chao.wang@...oud.cn>
To: Borislav Petkov <bp@...en8.de>
Cc: Tony Luck <tony.luck@...el.com>, linux-kernel@...r.kernel.org,
linux-edac@...r.kernel.org
Subject: Re: [PATCH 1/3] RAS/CEC: fix __find_elem
On 04/25/19 at 03:56P, WANG Chao wrote:
> On 04/18/19 at 11:41P, WANG Chao wrote:
> > A left over pfn (because we don't clear) at ca->array[n] can be a match
> > in __find_elem. Later it'd cause a memmove size overflow in del_elem.
> >
> > Signed-off-by: WANG Chao <chao.wang@...oud.cn>
> > ---
> > drivers/ras/cec.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/ras/cec.c b/drivers/ras/cec.c
> > index 2d9ec378a8bc..2e0bf1269c31 100644
> > --- a/drivers/ras/cec.c
> > +++ b/drivers/ras/cec.c
> > @@ -206,7 +206,7 @@ static int __find_elem(struct ce_array *ca, u64 pfn, unsigned int *to)
> >
> > this_pfn = PFN(ca->array[min]);
> >
> > - if (this_pfn == pfn)
> > + if (this_pfn == pfn && ca->n > min)
> > return min;
> >
> > return -ENOKEY;
>
> Any thought on this one?
Aha, I see there's another fix queued. Thanks.
Powered by blists - more mailing lists