| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20211102102137.GB7512@alpha.franken.de>
Date: Tue, 2 Nov 2021 11:21:37 +0100
From: Thomas Bogendoerfer <tsbogend@...ha.franken.de>
To: Geert Uytterhoeven <geert+renesas@...der.be>
Cc: Markos Chandras <markos.chandras@...tec.com>,
Ralf Baechle <ralf@...ux-mips.org>, linux-mips@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mips: cm: Convert to bitfield API to fix out-of-bounds
access
On Fri, Oct 29, 2021 at 11:58:16AM +0200, Geert Uytterhoeven wrote:
> mips_cm_error_report() extracts the cause and other cause from the error
> register using shifts. This works fine for the former, as it is stored
> in the top bits, and the shift will thus remove all non-related bits.
> However, the latter is stored in the bottom bits, hence thus needs masking
> to get rid of non-related bits. Without such masking, using it as an
> index into the cm2_causes[] array will lead to an out-of-bounds access,
> probably causing a crash.
>
> Fix this by using FIELD_GET() instead. Bite the bullet and convert all
> MIPS CM handling to the bitfield API, to improve readability and safety.
>
> Fixes: 3885c2b463f6a236 ("MIPS: CM: Add support for reporting CM cache errors")
> Signed-off-by: Geert Uytterhoeven <geert+renesas@...der.be>
> ---
> Compile-tested only, but assembler output before/after compared.
> ---
> arch/mips/include/asm/mips-cm.h | 12 ++++++------
> arch/mips/kernel/mips-cm.c | 21 ++++++++++-----------
> 2 files changed, 16 insertions(+), 17 deletions(-)
applied to mips-next.
Thomas.
--
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea. [ RFC1925, 2.3 ]
Powered by blists - more mailing lists