| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZJRh9o1a0k0yMbOG@smile.fi.intel.com>
Date: Thu, 22 Jun 2023 18:00:06 +0300
From: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
To: Armin Wolf <W_Armin@....de>
Cc: Barnabás Pőcze <pobrn@...tonmail.com>,
Hans de Goede <hdegoede@...hat.com>,
platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org,
Mark Gross <markgross@...nel.org>
Subject: Re: [PATCH v1 1/2] platform/x86: wmi: Break possible infinite loop
when parsing GUID
On Thu, Jun 22, 2023 at 11:43:20AM +0300, Andy Shevchenko wrote:
> On Wed, Jun 21, 2023 at 11:50:51PM +0200, Armin Wolf wrote:
...
> I think that WARN_ON() is a bit bogus. First of all, it can be easily
> transformed to BUG()-equivalent with panic_on_oops and hence kill the
> entire system. If we need the message about wrong GUID format, it should
> be done elsewhere (modpost ?). I.o.w. we shan't expect that code,
> controlled by us, shoots to our foot.
Additional info. There will be another driver elsewhere that may use similar
API and also needs GUID in device ID table.
Looking into that implementation it seems that validation should be made in
file2alias.c for WMI and reused by that driver.
So, taking into account that we have no wrong IDs so far, I would drop
WARN_ON() here and guarantee that file2alias.c will be changed to validate
the GUID one way or the other.
Would it work? Hans, what is your comment here?
--
With Best Regards,
Andy Shevchenko
Powered by blists - more mailing lists