lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250902-axiomatic-salamander-of-reputation-d70aa8@sudeepholla>
Date: Tue, 2 Sep 2025 11:16:46 +0100
From: Sudeep Holla <sudeep.holla@....com>
To: Johan Hovold <johan@...nel.org>
Cc: Cristian Marussi <cristian.marussi@....com>, arm-scmi@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	Sudeep Holla <sudeep.holla@....com>, stable@...r.kernel.org,
	Jan Palus <jpalus@...tmail.com>
Subject: Re: [PATCH] firmware: arm_scmi: quirk: fix write to string constant

On Tue, Sep 02, 2025 at 11:59:24AM +0200, Johan Hovold wrote:
> Hi Sudeep,
> 
> On Fri, Aug 29, 2025 at 04:29:48PM +0200, Johan Hovold wrote:
> > On Fri, Aug 29, 2025 at 03:21:52PM +0200, Johan Hovold wrote:
> > > The quirk version range is typically a string constant and must not be
> > > modified (e.g. as it may be stored in read-only memory):
> > > 
> > > 	Unable to handle kernel write to read-only memory at virtual
> > > 	address ffffc036d998a947
> > > 
> > > Fix the range parsing so that it operates on a copy of the version range
> > > string, and mark all the quirk strings as const to reduce the risk of
> > > introducing similar future issues.
> > 
> > With Jan's permission, let's add:
> > 
> > Reported-by: Jan Palus <jpalus@...tmail.com>
> > 

I was hoping to hear back, but I assume silence is kind of acceptance.

> > > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220437
> > > Fixes: 487c407d57d6 ("firmware: arm_scmi: Add common framework to handle firmware quirks")
> > > Cc: stable@...r.kernel.org	# 6.16
> > > Cc: Cristian Marussi <cristian.marussi@....com>
> > > Signed-off-by: Johan Hovold <johan@...nel.org>
> 
> I noticed that you picked up this fix yesterday but also that you
> rewrote the commit message and switched using cleanup helpers.
> 
> Please don't do such (non-trivial) changes without making that clear
> in the commit message before your Signed-off-by tag:
> 
> 	[ sudeep: rewrite commit message; switch to cleanup helpers ]
> 

Sorry I meant to do that when I replied and asked you if you are OK
with cleanup helpers. Also yes I planned to add a line like something
above before finalizing.

> In this case, you also changed the meaning so that the commit message
> now reads like the sole reason that writing to string constants is wrong
> is that they may reside in read-only memory.
> 

Ah, I didn't realise that it changes the meaning now.

> I used "e.g." on purpose instead of listing further reasons like the
> fact that string constants may be shared so that parsing of one quirk
> can subtly break a later one.
>

I see your point, will revert to your commit message.

-- 
Regards,
Sudeep

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ