| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Oct 2019 13:31:14 -0500
From: Kangjie Lu <kjlu@....edu>
To: kjlu@....edu
Cc: "Rafael J. Wysocki" <rjw@...ysocki.net>,
Len Brown <lenb@...nel.org>, linux-acpi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] acpi: fix potential race conditions bypassing checks
"obj" is a local variable. Elements are deep-copied from external
package to obj and security-checked. The original code is
seemingly fine; however, compilers optimize the deep copies into
shallow copies, introducing potential race conditions. For
example, the checks for type and length may be bypassed. The fix
tells compilers to not optimize the deep copy by inserting
"volatile".
Signed-off-by: Kangjie Lu <kjlu@....edu>
---
drivers/acpi/processor_throttling.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/processor_throttling.c b/drivers/acpi/processor_throttling.c
index 532a1ae3595a..6f4d86f8a9ce 100644
--- a/drivers/acpi/processor_throttling.c
+++ b/drivers/acpi/processor_throttling.c
@@ -413,7 +413,7 @@ static int acpi_processor_get_throttling_control(struct acpi_processor *pr)
acpi_status status = 0;
struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL };
union acpi_object *ptc = NULL;
- union acpi_object obj = { 0 };
+ volatile union acpi_object obj = { 0 };
struct acpi_processor_throttling *throttling;
status = acpi_evaluate_object(pr->handle, "_PTC", NULL, &buffer);
--
2.17.1
Powered by blists - more mailing lists