Date:   Fri, 4 Nov 2022 11:23:17 -0700
From:   Dmitry Torokhov <dmitry.torokhov@...il.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Kunbo Zhang <absoler@...il.nju.edu.cn>, tiwai@...e.de,
        wsa+renesas@...g-engineering.com, linux-kernel@...r.kernel.org,
        linux-input@...r.kernel.org, security@...nel.org
Subject: Re: [PATCH] input: i8042 - fix a double-fetch vulnerability
 introduced by GCC

Hi Greg,

On Fri, Nov 04, 2022 at 11:45:48AM +0100, Greg KH wrote:
> On Fri, Nov 04, 2022 at 03:23:47PM +0800, Kunbo Zhang wrote:
> > As in the source code, the global variable is tested (at line 408) before three assignments of irq_bit, disable_bit and port_name.
> > However, as shown in the following disassembly of i8042_port_close(), 
> > the variable (0x0(%rip)) is fetched and tested three times for each 
> > assignment of irq_bit, disable_bit and port_name.
> 
> There should not be any problem with this as that value does not ever
> change except in rare cases (shutdown or init).

We use this chunk only to establish identity of the port, we do not
expect instances to change while driver operates, so I do not think
there is any concern with re-fetching/re-checking the port while it is
being closed.

Thanks.

-- 
Dmitry
