| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2fe4e8f0-5aa5-a89b-2f42-e179b218e7cc@linaro.org>
Date: Fri, 11 Aug 2023 11:39:52 +0100
From: Bryan O'Donoghue <bryan.odonoghue@...aro.org>
To: Vikash Garodia <quic_vgarodia@...cinc.com>,
stanimir.k.varbanov@...il.com, agross@...nel.org,
andersson@...nel.org, konrad.dybcio@...aro.org, mchehab@...nel.org,
hans.verkuil@...co.com, tfiga@...omium.org
Cc: linux-media@...r.kernel.org, linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH v2 3/4] venus: hfi: add checks to handle capabilities from
firmware
On 11/08/2023 09:51, Vikash Garodia wrote:
>
> On 8/11/2023 2:11 PM, Bryan O'Donoghue wrote:
>> On 11/08/2023 06:54, Vikash Garodia wrote:
>>> The case is all about rogue firmware. If there is a need to fill the same cap
>>> again, that itself indicates that the payload from firmware is not correct. In
>>> such cases, the old as well as new cap data are not reliable. Though the
>>> authenticity of the data cannot be ensured, the check would avoid any OOB during
>>> such rogue firmware case.
>>
>> Then why favour the old cap report over the new ?
>
> When the driver hits the case for OOB, thats when it knows that something has
> gone wrong. Keeping old or new, both are invalid values in such case, nothing to
> favor any value.
>
> Regards,
> Vikash
Is this hypothetical or a real bug you are actually working to mitigate ?
---
bod
Powered by blists - more mailing lists