Re: [PATCH 5.4 / 5.10] firmware: arm_scmi: Harden accesses to the reset domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, May 13, 2024 at 10:22:21AM +0100, Sudeep Holla wrote:
> On Mon, May 13, 2024 at 09:38:37AM +0900, Dominique Martinet wrote:
> > From: Cristian Marussi <cristian.marussi@xxxxxxx>
> >
> > [ Upstream commit e9076ffbcaed5da6c182b144ef9f6e24554af268 ]
> >
> > Accessing reset domains descriptors by the index upon the SCMI drivers
> > requests through the SCMI reset operations interface can potentially
> > lead to out-of-bound violations if the SCMI driver misbehave.
> >
> > Add an internal consistency check before any such domains descriptors
> > accesses.
> >
> > Link: https://lore.kernel.org/r/20220817172731.1185305-5-cristian.marussi@xxxxxxx
> > Signed-off-by: Cristian Marussi <cristian.marussi@xxxxxxx>
> > Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx>
> > Signed-off-by: Dominique Martinet <dominique.martinet@xxxxxxxxxxxxxxxxx>
> > ---
> > This is the backport I promised for CVE-2022-48655[1]
> > [1] https://lkml.kernel.org/r/Zj4t4q_w6gqzdvhz@xxxxxxxxxxxxx
> >
> 
> The backport looks good and thanks for doing that. Sometimes since we
> know all the users are in the kernel, we tend to ignore the facts that
> they need to be backport as this was considered as theoretical issue when
> we pushed the fix. We try to keep that in mind and add fixes tag more
> carefully in the future. Thanks for your effort and bring this to our
> attention.

Now queued up, thanks

greg k-h




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux