lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a8eb3ba6-eeab-6c0c-7b57-4fde508853ed@linux.intel.com>
Date: Tue, 21 May 2024 13:06:11 +0300 (EEST)
From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To: Markus Elfring <Markus.Elfring@....de>
cc: Hans de Goede <hdegoede@...hat.com>, 
    Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>, 
    platform-driver-x86@...r.kernel.org, kernel-janitors@...r.kernel.org, 
    Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>, 
    Zhang Rui <rui.zhang@...el.com>, LKML <linux-kernel@...r.kernel.org>, 
    Dan Carpenter <dan.carpenter@...aro.org>, 
    Dan Carpenter <error27@...il.com>
Subject: Re: [v2] platform/x86: ISST: fix use-after-free in
 tpmi_sst_dev_remove()

On Tue, 21 May 2024, Markus Elfring wrote:

> >>>> …
> >>>>> Fix this by reordering the kfree() post the dereference.
> …
> > The original wording of the commit message really is fine as is,
> > I see no need for Harshit to send a new version and I plan to
> > merge this as is.
> 
> Are there opportunities remaining to improve the discussed wording?
> 
> 1. https://en.wiktionary.org/wiki/post#Etymology_1
> 
> 2. https://en.wiktionary.org/wiki/reorder
> 
> 3. Function call indication?
>    https://elixir.bootlin.com/linux/v6.9.1/source/mm/slub.c#L4371
> 
> 4. Rephrasing of “Fix this by …”?
> 
> 5. https://en.wikipedia.org/wiki/Dangling_pointer#Cause_of_dangling_pointers
> 
> 6. https://wiki.sei.cmu.edu/confluence/display/c/MEM30-C.+Do+not+access+freed+memory#MEM30C.Donotaccessfreedmemory-AutomatedDetection
> 
> 7. https://en.wikipedia.org/wiki/Code_sanitizer#KernelAddressSanitizer

We'll not waste our time in wordsmithing commit messages to perfection, 
the current one is good enough as was stated to you already.

-- 
 i.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ