| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Mar 2023 07:49:36 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Nikita Zhandarovich <n.zhandarovich@...tech.ru>,
Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH v2] x86/mm: Fix use of uninitialized buffer in
sme_enable()
On 3/6/23 10:06, Nikita Zhandarovich wrote:
> cmdline_find_option() may fail before doing any initialization of
> buffer array. This may lead to unpredictable results when the same
> buffer is used later in calls to strncmp() function.
> Fix the issue by returning early if cmdline_find_option() returns -1.
>
> Found by Linux Verification Center (linuxtesting.org) with static analysis
> tool SVACE.
>
> Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption")
> Signed-off-by: Nikita Zhandarovich <n.zhandarovich@...tech.ru>
Acked-by: Tom Lendacky <thomas.lendacky@....com>
> ---
> v2: per Borislav Petkov's <bp@...en8.de> remarks:
> - return early if cmdline_find_options() fails with -1 instead of zeroing out
> buffer;
> - use correct Fixes: commit hash
>
> arch/x86/mm/mem_encrypt_identity.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
> index 88cccd65029d..c6efcf559d88 100644
> --- a/arch/x86/mm/mem_encrypt_identity.c
> +++ b/arch/x86/mm/mem_encrypt_identity.c
> @@ -600,7 +600,8 @@ void __init sme_enable(struct boot_params *bp)
> cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
> ((u64)bp->ext_cmd_line_ptr << 32));
>
> - cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer));
> + if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
> + return;
>
> if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
> sme_me_mask = me_mask;
Powered by blists - more mailing lists