lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <95d0aa18-0c09-4b00-824d-3078548ddfcd@ghiti.fr>
Date: Wed, 13 Aug 2025 14:13:16 +0200
From: Alexandre Ghiti <alex@...ti.fr>
To: Radim Krčmář <rkrcmar@...tanamicro.com>,
 bpf@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>,
 Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>,
 Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman
 <eddyz87@...il.com>, Song Liu <song@...nel.org>,
 Yonghong Song <yonghong.song@...ux.dev>,
 John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>,
 Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
 Jiri Olsa <jolsa@...nel.org>, Björn Töpel
 <bjorn@...nel.org>, Pu Lehui <pulehui@...wei.com>,
 Puranjay Mohan <puranjay@...nel.org>,
 Paul Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt
 <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>,
 Kumar Kartikeya Dwivedi <memxor@...il.com>, linux-riscv@...ts.infradead.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] riscv, bpf: fix reads of thread_info.cpu

Hi Radim,

On 8/12/25 15:09, Radim Krčmář wrote:
> 2025-08-12T13:37:16+02:00, Alexandre Ghiti <alex@...ti.fr>:
>> @Radim: This is the third similar bug, did you check all assembly code
>> (and bpf) to make sure we don't have anymore left or should I?
> I looked at load/store instructions, including bpf, and focussed on
> patterns where we access non-xlen sized data through an offset.
>
> (Nothing else popped up, but I mostly used grep and cscope as I don't
>   know of any semantic tool, so my confidence levels are low.)


Ok thanks, I don't have any better idea than eye scrubbing so I'll take 
another look to improve our confidence. One good thing is that now I 
don't let them pass in reviews :)

Thanks for noticing this class of bugs!

Alex


>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ