lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210219113537.GA492321@xiangao.remote.csb>
Date:   Fri, 19 Feb 2021 19:35:37 +0800
From:   Gao Xiang <hsiangkao@...hat.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-erofs@...ts.ozlabs.org, LKML <linux-kernel@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Miao Xie <miaoxie@...wei.com>, Chao Yu <yuchao0@...wei.com>,
        Fang Wei <fangwei1@...wei.com>,
        Li Guifu <bluce.liguifu@...wei.com>,
        Huang Jianan <huangjianan@...o.com>,
        Guo Weichao <guoweichao@...o.com>,
        Gao Xiang <hsiangkao@...hat.com>
Subject: [GIT PULL] erofs update for 5.12-rc1

Hi Linus,

Could you consider this pull request for 5.12-rc1?

This contains a somewhat important but rarely reproduced fix
reported month ago for platforms which have weak memory model
(e.g. arm64). The root cause is that test_bit/set_bit atomic
operations are actually implemented in relaxed forms, and
uninitialized fields governed by an atomic bit could be observed
in advance due to memory reordering thus memory barrier pairs
should be used. There is also a trivial fix of crafted blkszbits
generated by syzkaller.

All commits have been tested and have been in linux-next for
more than a week. This merges cleanly with master.

Thanks,
Gao Xiang

The following changes since commit 19c329f6808995b142b3966301f217c831e7cf31:

  Linux 5.11-rc4 (2021-01-17 16:37:05 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs.git tags/erofs-for-5.12-rc1

for you to fetch changes up to ce063129181312f8781a047a50be439c5859747b:

  erofs: initialized fields can only be observed after bit is set (2021-02-11 11:55:28 +0800)

----------------------------------------------------------------
Changes since last update:

 - fix shift-out-of-bounds of crafted blkszbits generated by syzkaller;

 - ensure initialized fields can only be observed after bit is set.

----------------------------------------------------------------
Gao Xiang (2):
      erofs: fix shift-out-of-bounds of blkszbits
      erofs: initialized fields can only be observed after bit is set

 fs/erofs/super.c |  4 ++--
 fs/erofs/xattr.c | 10 +++++++++-
 fs/erofs/zmap.c  | 10 +++++++++-
 3 files changed, 20 insertions(+), 4 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ