| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZoxOHxHze2ynJS-q@bombadil.infradead.org> Date: Mon, 8 Jul 2024 13:37:51 -0700 From: Luis Chamberlain <mcgrof@...nel.org> To: Danilo Krummrich <dakr@...hat.com> Cc: russ.weight@...ux.dev, gregkh@...uxfoundation.org, chrisi.schrefl@...il.com, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org, Gary Guo <gary@...yguo.net> Subject: Re: [PATCH v2 2/2] firmware_loader: fix soundness issue in `request_internal` On Mon, Jul 08, 2024 at 10:07:21PM +0200, Danilo Krummrich wrote: > `request_internal` must be called with one of the following function > pointers: request_firmware(), firmware_request_nowarn(), > firmware_request_platform() or request_firmware_direct(). > > The previous `FwFunc` alias did not guarantee this, which is unsound. > > In order to fix this up, implement `FwFunc` as new type with a > corresponding type invariant. > > Reported-by: Gary Guo <gary@...yguo.net> > Closes: https://lore.kernel.org/lkml/20240620143611.7995e0bb@eugeo/ > Signed-off-by: Danilo Krummrich <dakr@...hat.com> While you're at it, can you go ahead and extend out selftest coverage for the firmware_loader so we can test Rust too? Could these issues have been caught with a selftest? If not why not? Luis
Powered by blists - more mailing lists