lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aLbGoctnA-Ad-Hxv@hovoldconsulting.com>
Date: Tue, 2 Sep 2025 12:27:45 +0200
From: Johan Hovold <johan@...nel.org>
To: Sudeep Holla <sudeep.holla@....com>
Cc: Cristian Marussi <cristian.marussi@....com>, arm-scmi@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, Jan Palus <jpalus@...tmail.com>
Subject: Re: [PATCH] firmware: arm_scmi: quirk: fix write to string constant

On Tue, Sep 02, 2025 at 11:16:46AM +0100, Sudeep Holla wrote:
> On Tue, Sep 02, 2025 at 11:59:24AM +0200, Johan Hovold wrote:
> > On Fri, Aug 29, 2025 at 04:29:48PM +0200, Johan Hovold wrote:
> > > On Fri, Aug 29, 2025 at 03:21:52PM +0200, Johan Hovold wrote:

> > > > The quirk version range is typically a string constant and must not be
> > > > modified (e.g. as it may be stored in read-only memory):
> > > > 
> > > > 	Unable to handle kernel write to read-only memory at virtual
> > > > 	address ffffc036d998a947
> > > > 
> > > > Fix the range parsing so that it operates on a copy of the version range
> > > > string, and mark all the quirk strings as const to reduce the risk of
> > > > introducing similar future issues.
> > > 
> > > With Jan's permission, let's add:
> > > 
> > > Reported-by: Jan Palus <jpalus@...tmail.com>
> > > 
> 
> I was hoping to hear back, but I assume silence is kind of acceptance.

I sent the reply with the tag after making sure off-list that Jan was OK
with it. Sorry if that was not clear.

> > Please don't do such (non-trivial) changes without making that clear
> > in the commit message before your Signed-off-by tag:
> > 
> > 	[ sudeep: rewrite commit message; switch to cleanup helpers ]
> > 
> 
> Sorry I meant to do that when I replied and asked you if you are OK
> with cleanup helpers. Also yes I planned to add a line like something
> above before finalizing.

Sounds like a mail has gotten lost since I never saw that question from
you.

I'm fine with using the helpers here even if I'm not generally a fan of
them (e.g. due to declarations in middle of functions).

> > In this case, you also changed the meaning so that the commit message
> > now reads like the sole reason that writing to string constants is wrong
> > is that they may reside in read-only memory.
> 
> Ah, I didn't realise that it changes the meaning now.
> 
> > I used "e.g." on purpose instead of listing further reasons like the
> > fact that string constants may be shared so that parsing of one quirk
> > can subtly break a later one.
> 
> I see your point, will revert to your commit message.

Thanks!

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ