lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMj1kXGswMfSXYmr=LyAOusYjq6eLqC9oPRRCEaR-1u-kFu4Hw@mail.gmail.com>
Date:   Wed, 9 Nov 2022 10:07:00 +0100
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Alexandru Elisei <alexandru.elisei@....com>
Cc:     catalin.marinas@....com, will@...nel.org,
        linux-efi@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [Possible BUG] arm64: efi: efi_runtime_fixup_exception() and
 efi_call_virt_check_flags() both taint the kernel

On Tue, 8 Nov 2022 at 11:10, Alexandru Elisei <alexandru.elisei@....com> wrote:
>
...
>
> Speaking as an user, I think it would be nice to revert the commit, that's
> how I am running v6.1-rcX kernels on the machine, as updating the firmware
> is not feasible right now. But I realize that I'm not the one maintaining
> the code, so I don't have a strong opinion about it :) And it's better now
> than it was at rc3, when the kernel was panicing.
>

I sent out a patch yesterday that tweaks the sync exception fixup
handler to only disable the runtime service that triggered the
exception. This means, of course, that you might hit it multiple times
if several runtime service implementations are buggy, but there are
only five or so that we actually use, so that shouldn't make a huge
difference. But it also means a) we don't trigger other code paths
that freak out when a runtime service that was available suddenly goes
away and b) the diagnostics are more useful because we will find out
which other runtime services are broken.

Could you please test that patch? And for good measure, could you try
something like

efibootmgr -t 3

(as root) to exercise the SetVariable() path as well?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ