| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251031123215.GCaQSsT-TMmfz_Ot8b@fat_crate.local>
Date: Fri, 31 Oct 2025 13:32:15 +0100
From: Borislav Petkov <bp@...en8.de>
To: neqbal <nooraineqbal@...il.com>
Cc: dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org,
tglx@...utronix.de, mingo@...hat.com, x86@...nel.org,
linux-kernel@...r.kernel.org,
syzbot+e34177f6091df113ef20@...kaller.appspotmail.com
Subject: Re: [PATCH] x86/mm: Fix off-by-one error in set_memory
On Sun, Sep 28, 2025 at 04:06:52AM +0530, neqbal wrote:
> Correct end page calculation by subtracting 1 to prevent
> out-of-bounds access.
>
> Reported-by: syzbot+e34177f6091df113ef20@...kaller.appspotmail.com
> Signed-off-by: neqbal <nooraineqbal@...il.com>
> ---
> arch/x86/mm/pat/set_memory.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
> index d2d54b8c4dbb..daefc96403f1 100644
> --- a/arch/x86/mm/pat/set_memory.c
> +++ b/arch/x86/mm/pat/set_memory.c
> @@ -446,7 +446,7 @@ static void cpa_flush(struct cpa_data *cpa, int cache)
> }
>
> start = fix_addr(__cpa_addr(cpa, 0));
> - end = fix_addr(__cpa_addr(cpa, cpa->numpages));
> + end = fix_addr(__cpa_addr(cpa, cpa->numpages - 1));
> if (cpa->force_flush_all)
> end = TLB_FLUSH_ALL;
>
> --
I guess this got fixed differently:
f25785f9b088 ("x86/mm: Fix overflow in __cpa_addr()")
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists