lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <da2a3e18-80e0-4aca-bbc7-45c1353217d3@linaro.org>
Date: Wed, 26 Nov 2025 12:11:05 +0000
From: James Clark <james.clark@...aro.org>
To: Leo Yan <leo.yan@....com>, Kuan-Wei Chiu <visitorckw@...il.com>
Cc: suzuki.poulose@....com, mike.leach@...aro.org,
 alexander.shishkin@...ux.intel.com, pratikp@...eaurora.org,
 mathieu.poirier@...aro.org, gregkh@...uxfoundation.org,
 jserv@...s.ncku.edu.tw, marscheng@...gle.com, ericchancf@...gle.com,
 milesjiang@...gle.com, nickpan@...gle.com, coresight@...ts.linaro.org,
 linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] coresight: etm3x: Fix buffer overwrite in cntr_val_show()



On 26/11/2025 12:09 pm, Leo Yan wrote:
> On Fri, Nov 21, 2025 at 12:23:50AM +0000, Kuan-Wei Chiu wrote:
> 
> [...]
> 
>> I noticed this issue while browsing the coresight code after attending
>> a technical talk on the subject. This code dates back to the initial
>> driver submission over 10 years ago, so I was surprised it hadn't been
>> caught earlier. Although I cannot perform runtime testing, the logic
>> error seems obvious to me, so I still decided to submit this patch.
> 
> I have a question for maintainers.
> 
> The ETMv4 architecture specification shows that ETMv4 was released as
> a non-confidential module in May 2013 (with the confidential release
> even a year earlier). So ETMv4 has been a public IP for more than 12+
> years, and ETMv3 has been gradually retired since then.
> 
> This fix can still be applied to older kernels, but seems to me that
> now might be an appropriate time to consider removing the ETMv3 driver
> from the mainline kernel?
> 
> Thanks,
> Leo

Yeah, if anyone is using it it would be on an old kernel surely?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ