| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <194fe121-151d-0b64-b83e-e4d82c02efa7@xilinx.com>
Date: Tue, 6 Aug 2019 08:41:55 +0200
From: Michal Simek <michal.simek@...inx.com>
To: Luis Araneda <luaraneda@...il.com>, linux@...linux.org.uk,
michal.simek@...inx.com
Cc: stable@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] ARM: zynq: Use memcpy_toio instead of memcpy on smp
bring-up
On 06. 08. 19 5:07, Luis Araneda wrote:
> This fixes a kernel panic (read overflow) on memcpy when
> FORTIFY_SOURCE is enabled.
>
> The computed size of memcpy args are:
> - p_size (dst): 4294967295 = (size_t) -1
> - q_size (src): 1
> - size (len): 8
>
> Additionally, the memory is marked as __iomem, so one of
> the memcpy_* functions should be used for read/write
>
> Signed-off-by: Luis Araneda <luaraneda@...il.com>
> ---
> arch/arm/mach-zynq/platsmp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/arm/mach-zynq/platsmp.c b/arch/arm/mach-zynq/platsmp.c
> index 38728badabd4..a10085be9073 100644
> --- a/arch/arm/mach-zynq/platsmp.c
> +++ b/arch/arm/mach-zynq/platsmp.c
> @@ -57,7 +57,7 @@ int zynq_cpun_start(u32 address, int cpu)
> * 0x4: Jump by mov instruction
> * 0x8: Jumping address
> */
> - memcpy((__force void *)zero, &zynq_secondary_trampoline,
> + memcpy_toio(zero, &zynq_secondary_trampoline,
> trampoline_size);
> writel(address, zero + trampoline_size);
>
I would consider this one as stable material. Please also add there link
to the patch which this patch fixes.
M
Powered by blists - more mailing lists