| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Jun 2023 11:43:20 +0300
From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To: Armin Wolf <W_Armin@....de>
Cc: Barnabás Pőcze <pobrn@...tonmail.com>,
Hans de Goede <hdegoede@...hat.com>,
platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
Mark Gross <markgross@...nel.org>
Subject: Re: [PATCH v1 1/2] platform/x86: wmi: Break possible infinite loop
when parsing GUID
On Wed, Jun 21, 2023 at 11:50:51PM +0200, Armin Wolf wrote:
> Am 21.06.23 um 23:29 schrieb Barnabás Pőcze:
> > 2023. június 21., szerda 23:20 keltezéssel, Armin Wolf <W_Armin@....de> írta:
[...]
> > > > - if (WARN_ON(guid_parse(id->guid_string, &driver_guid)))
> > >
> > > just an idea: how about printing an error/debug message in case of an
> > > malformed GUID? This could be useful when searching for typos in GUIDs
> > > used by WMI drivers.
[...]
> > Wouldn't it be better to change `__wmi_driver_register()` to check that?
>
> Good point, i guess we can just forget this idea. The original motivation for
> it was the WARN_ON() inside wmi_dev_match(), but your right that this is the
> wrong place to check the GUID formating.
I'm not sure what do you want me to do since patches are tested already.
I think that WARN_ON() is a bit bogus. First of all, it can be easily
transformed to BUG()-equivalent with panic_on_oops and hence kill the
entire system. If we need the message about wrong GUID format, it should
be done elsewhere (modpost ?). I.o.w. we shan't expect that code,
controlled by us, shoots to our foot.
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists