lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2026010830-overgrown-bouncing-422a@gregkh>
Date: Thu, 8 Jan 2026 09:18:14 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: "Usyskin, Alexander" <alexander.usyskin@...el.com>
Cc: "Abliyev, Reuven" <reuven.abliyev@...el.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [char-misc v2] mei: trace: treat reg parameter as string

On Thu, Jan 08, 2026 at 09:17:12AM +0100, Greg Kroah-Hartman wrote:
> On Thu, Jan 08, 2026 at 07:59:08AM +0000, Usyskin, Alexander wrote:
> > > Subject: Re: [char-misc v2] mei: trace: treat reg parameter as string
> > > 
> > > On Thu, Jan 08, 2026 at 07:42:22AM +0000, Usyskin, Alexander wrote:
> > > > > Subject: Re: [char-misc v2] mei: trace: treat reg parameter as string
> > > > >
> > > > > On Thu, Jan 08, 2026 at 08:57:02AM +0200, Alexander Usyskin wrote:
> > > > > > Use the string wrapper to check sanity of the reg parameters,
> > > > > > store it value independently and prevent internal kernel data leaks.
> > > > > > Trace subsystem refuses to emit event with plain char*,
> > > > > > without the wrapper.
> > > > > >
> > > > > > Cc: stable@...r.kernel.org
> > > > >
> > > > > Does this really fix a bug?  If not, there's no need for cc: stable or:
> > > > >
> > > > > > Fixes: a0a927d06d79 ("mei: me: add io register tracing")
> > > > >
> > > > > That line as well.
> > > > >
> > > > > thanks,
> > > > >
> > > > > greg k-h
> > > >
> > > > Without this patch the events are not emitted at all, they are dropped
> > > > by trace security checker.
> > > 
> > > Ah, again, that was not obvious at all from the changelog.  Perhaps
> > > reword it a bit?  How has this ever worked?
> > > 
> > 
> > This security hardening was introduced way after the initial commit
> > and the breakage went unnoticed for some time, unfortunately.
> 
> So then the "Fixes:" tag is not correct :(

Wait, no, it is, but you need to say why this is now needed, and was not
a problem back then.  And is this really ok to backport all the way to
that commit id, or should it just be relegated to the one where the
"hardening" feature was added?

thanks,
greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ