lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 29 Jun 2019 17:13:04 +0200 (CEST)
From:   Thomas Gleixner <>
To:     Linus Torvalds <>
cc:     LKML <>,
Subject: [GIT pull] smp fixes for 5.2


please pull the latest smp-urgent-for-linus git tree from:

   git:// smp-urgent-for-linus

up to:  33d4a5a7a5b4: cpu/hotplug: Fix out-of-bounds read when setting fail state

Two small changes for the cpu hotplug code:

    - Prevent out of bounds access which actually might crash the machine
      caused by a missing bounds check in the fail injection code
    - Warn about unsupported migitation mode command line arguments to make
      people aware that they typoed the paramater. Not necessarily a fix
      but quite some people tripped over that.



Eiichi Tsukata (1):
      cpu/hotplug: Fix out-of-bounds read when setting fail state

Geert Uytterhoeven (1):
      cpu/speculation: Warn on unsupported mitigations= parameter

 kernel/cpu.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index 077fde6fb953..ef1c565edc5d 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -1964,6 +1964,9 @@ static ssize_t write_cpuhp_fail(struct device *dev,
 	if (ret)
 		return ret;
+	if (fail < CPUHP_OFFLINE || fail > CPUHP_ONLINE)
+		return -EINVAL;
 	 * Cannot fail STARTING/DYING callbacks.
@@ -2339,6 +2342,9 @@ static int __init mitigations_parse_cmdline(char *arg)
 		cpu_mitigations = CPU_MITIGATIONS_AUTO;
 	else if (!strcmp(arg, "auto,nosmt"))
 		cpu_mitigations = CPU_MITIGATIONS_AUTO_NOSMT;
+	else
+		pr_crit("Unsupported mitigations=%s, system may still be vulnerable\n",
+			arg);
 	return 0;

Powered by blists - more mailing lists