lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <557a7deb-1c38-495d-98d0-b1b2a008d99e@amd.com>
Date: Thu, 5 Dec 2024 11:15:08 +0530
From: Raghavendra K T <raghavendra.kt@....com>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
 "Huang, Ying" <ying.huang@...ux.alibaba.com>
Cc: linux-kernel@...r.kernel.org, linux-cxl@...r.kernel.org, bharata@....com,
 Andrew Morton <akpm@...ux-foundation.org>,
 Dan Williams <dan.j.williams@...el.com>, David Hildenbrand
 <david@...hat.com>, Davidlohr Bueso <dave@...olabs.net>,
 Jonathan Cameron <jonathan.cameron@...wei.com>,
 Dave Jiang <dave.jiang@...el.com>,
 Alison Schofield <alison.schofield@...el.com>,
 Vishal Verma <vishal.l.verma@...el.com>, Ira Weiny <ira.weiny@...el.com>,
 Alistair Popple <apopple@...dia.com>, Bjorn Helgaas <bhelgaas@...gle.com>,
 Baoquan He <bhe@...hat.com>, ilpo.jarvinen@...ux.intel.com,
 Mika Westerberg <mika.westerberg@...ux.intel.com>,
 Fontenot Nathan <Nathan.Fontenot@....com>, Wei Huang <wei.huang2@....com>
Subject: Re: [RFC PATCH] resource: Fix CXL node not populated issue



On 12/4/2024 10:14 AM, Raghavendra K T wrote:
> 
> 
>>>>
>>>> (*) in general fixes are better than reverts, but depends on the 
>>>> timing in
>>>>      the release cycle the revert may be the only option.
>>>
>>> I don't think that the timing is so tight that we should not work on
>>> proper fix firstly.  I'm trying to work with the reporter on this.
>>
>> I agree on this, please do.
>>
>>> BTW, the commit b4afe4183ec7 ("resource: fix region_intersects() vs
>>> add_memory_driver_managed()") fixed a security related bug.  The bug
>>> weakened the protection to prevent users read/write system memory via
>>> /dev/mem.  So, IMO, we need to be more careful about this.
>>
>> My point was that the regression is obvious and it needs to be fixed.
>> That's all. Revert is a last resort in this sense.
>>
> 
> I agree in general to both of your comment. (i.e. since this bisected
> commit had security fix, we shall try to get better fix than a close to
> revert).
> 
>   I am trying to work on this, but it is a bit slow on my side.
> 

I will try to get a fix that retains old bugfix and works well for me too.
Since it is reproduced only on this shared system, I will get hold of
this system next week, and work towards a fix.

Thanks and Regards
- Raghu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ