lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <f69305de-b3f1-46ee-b8b5-a20729c8c1bb@app.fastmail.com>
Date:   Mon, 29 May 2023 10:03:02 -0400
From:   "Mark Pearson" <mpearson-lenovo@...ebb.ca>
To:     Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
Cc:     "Hans de Goede" <hdegoede@...hat.com>,
        "markgross@...nel.org" <markgross@...nel.org>,
        "platform-driver-x86@...r.kernel.org" 
        <platform-driver-x86@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 5/5] platform/x86: think-lmi: mutex protection around multiple
 WMI calls

Hi Ilpo,

On Mon, May 29, 2023, at 8:23 AM, Ilpo Järvinen wrote:
> On Fri, 26 May 2023, Mark Pearson wrote:
>
>> Add mutex protection around cases where an operation needs multiple
>> WMI calls - e.g. setting password.
>
> So you need this feature already for Patch 1/5? If that's the case, you 
> should reorder the patches and put it before 1/5.

You're right....I was being lazy and just adding it to the end of the series as it was easier. I can re-order.

As a side note, the chances of two people changing things on a system at the same time is rather unlikely - it just doesn't make sense as it's something done by an administrator. But a fix is a fix.

>
> That "e.g. setting password" sounds vague enough that I'm left to wonder 
> if there are other cases in the driver which need locking too. It would be 
> useful to be precise with wording here. It will help immensely when 
> somebody looks this changelog 5 years from now if you explain all cases 
> that need locking up front.

OK. There are two cases and I can list both cases explicitly.

>
> So, is this needed also for some existing code, then Fixes tag might be in 
> order? (I'm looking e.g. that cert auth block in current_value_store() 
> which also does more than one call).

True - I can add that. 

Thanks for the review. I'll hold off a couple of days before making those changes in case there is any feedback

Mark

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ