lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 11 Mar 2022 09:18:12 -0800 (PST)
From:   Palmer Dabbelt <palmer@...osinc.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
CC:        linux-kernel@...r.kernel.org, linux-riscv@...ts.infradead.org
Subject: [GIT PULL] RISC-V Fixes for 5.17-rc8

The following changes since commit 74583f1b92cb3bbba1a3741cea237545c56f506c:

  riscv: dts: k210: fix broken IRQs on hart1 (2022-03-03 20:04:21 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git tags/riscv-for-linus-5.17-rc8

for you to fetch changes up to 0966d385830de3470b7131db8e86c0c5bc9c52dc:

  riscv: Fix auipc+jalr relocation range checks (2022-03-10 20:37:44 -0800)

----------------------------------------------------------------
RISC-V Fixes for 5.17-rc8

* A fix to prevent users from enabling the alternatives framework (and
  thus errata handling) on XIP kernels, where runtime code patching does
  not function correctly.
* A fix to properly detect offset overflow for AUIPC-based relocations
  in modules.  This may manifest as modules calling arbitrary invalid
  addresses, depending on the address allocated when a module is loaded.

----------------------------------------------------------------
I know it's pretty late, so no big deal if these don't make it for 5.17.

The module issue is particularly ugly: itcould manifest for the majority of
users, and depends on a bunch of long-term runtime behavior so won't get caught
by simple tests.  The bug has been around forever, though, and it'll likely get
backported either way -- figured there's no reason to wait, though.

----------------------------------------------------------------
Emil Renner Berthing (1):
      riscv: Fix auipc+jalr relocation range checks

Jisheng Zhang (1):
      riscv: alternative only works on !XIP_KERNEL

 arch/riscv/Kconfig.erratas |  1 +
 arch/riscv/Kconfig.socs    |  4 ++--
 arch/riscv/kernel/module.c | 21 ++++++++++++++++-----
 3 files changed, 19 insertions(+), 7 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ