| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200115042507.GE3719@kadam>
Date: Wed, 15 Jan 2020 07:25:07 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Colin Ian King <colin.king@...onical.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>, x86@...nel.org,
kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/microcode/amd: fix uninitalized structure cp
On Tue, Jan 14, 2020 at 04:01:53PM +0100, Borislav Petkov wrote:
> On Tue, Jan 14, 2020 at 02:08:50PM +0000, Colin Ian King wrote:
> > If I understand the question, it seems that get_builtin_microcode()
> > tries to load in the appropriate amd microcode binary from the cpio data
> > and this can potentially fail if the microcode is not provided for the
> > specific processor family, so I believe this is a legitimate fix.
>
> If the microcode for the specific processor family is not provided,
> get_builtin_firmware() will return false and then we'll call
> find_microcode_in_initrd() which will definitely return either a proper
> pointer or a NULL-initialized cpio_data struct.
>
> So I still don't see it.
It's probably complaining that cp.name[] isn't initialized. UBSan will
probably generate a warning at runtime when we do:
*ret = cp;
But otherwise it's harmless.
regards,
dan carpenter
Powered by blists - more mailing lists