Message-ID: <YkAuqiHAEaDLHDAO@kroah.com>
Date:   Sun, 27 Mar 2022 11:30:18 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        stable <stable@...r.kernel.org>,
        Halil Pasic <pasic@...ux.ibm.com>,
        Christoph Hellwig <hch@....de>
Subject: Re: [PATCH 5.10 11/38] swiotlb: rework "fix info leak with
 DMA_FROM_DEVICE"

On Sat, Mar 26, 2022 at 11:41:17AM -0700, Linus Torvalds wrote:
> On Sat, Mar 26, 2022 at 3:18 AM Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
> >
> > Yes, I've been watching that thread.  This change is already in 5.15 and
> > 5.16 kernels, and does solve one known security issue, so it's a tough
> > call.
> 
> If you're following that thread, you'll have seen that I've reverted
> it, and I actually think the security argument was bogus - the whole
> commit was due to a misunderstanding of the actual direction of the
> data transfer.

I see that now, thanks.

But why did you just revert that commit, and not the previous one (i.e.
the one that this one "fixes")?  Shouldn't ddbd89deb7d3 ("swiotlb: fix
info leak with DMA_FROM_DEVICE") also be dropped?

I'm going to drop both from the 5.4 and 5.10 stable queues now, and add
your revert, but I think your tree also needs the original swiotlb fix
commit reverted to get back to a "known good" state.

thanks,

greg k-h
