Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, 6 Jan 2018 10:01:54 +0100 Greg KH wrote: > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > > Static analysis reports that 'offset' may be a user controlled value > > Can I see the rule that determined that? It does not feel like that is >

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Static analysis reports that 'offset' may be a user controlled value that is used as a data dependency reading from a raw_frag_vec buffer. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream

Re: [PATCH 15/18] vfs, fdtable: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Expectedly, static analysis reports that 'fd' is a user controlled value that is used as a data dependency to read from the 'fdt->fd' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream

Re: [PATCH 16/18] net: mpls: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Static analysis reports that 'index' may be a user controlled value that is used as a data dependency reading 'rt' from the 'platform_label' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction

Re: [PATCH 13/18] ipv6: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Static analysis reports that 'offset' may be a user controlled value that is used as a data dependency reading from a raw6_frag_vec buffer. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream

Re: [PATCH 12/18] Thermal/int340x: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:10 AM, Dan Williams wrote: Static analysis reports that 'trip' may be a user controlled value that is used as a data dependency to read '*temp' from the 'd->aux_trips' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

Hello! On 1/6/2018 4:10 AM, Dan Williams wrote: Static analysis reports that 'queue' may be a user controlled value that is used as a data dependency to read from the 'ar9170_qmap' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction

Re: [PATCH 09/18] p54: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:10 AM, Dan Williams wrote: Static analysis reports that 'queue' may be a user controlled value that is used as a data dependency to read from the 'priv->qos_params' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

Sat, Jan 06, 2018 at 09:07:28AM CET, j...@resnulli.us wrote: >Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >>On 1/5/18 4:09 PM, Jiri Pirko wrote: >>> From: Jiri Pirko >>> >>> Currently the filters added to qdiscs are independent. So for example if you >>> have

Re: [PATCH 10/18] qla2xxx: prevent bounds-check bypass via speculative execution

On Sat, Jan 06, 2018 at 10:03:22AM +0100, Greg KH wrote: > On Fri, Jan 05, 2018 at 05:10:48PM -0800, Dan Williams wrote: > > Static analysis reports that 'handle' may be a user controlled value > > that is used as a data dependency to read 'sp' from the > > 'req->outstanding_cmds' array. In order

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > > Static analysis reports that 'index' may be a user controlled value that > > is used as a data dependency to read 'pin' from the > > 'selector->baSourceID' array. In order

Re: [PATCH 2/2] SolutionEngine771x: add Ether TSU resource

Hello! On 1/3/2018 11:08 PM, Sergei Shtylyov wrote: After the Ether platform data is fixed, the driver probe() method would still fail since the 'struct sh_eth_cpu_data' corresponding to SH771x indicates the presence of TSU but the memory resource for it is absent. Add the missing TSU

Re: [PATCH 10/18] qla2xxx: prevent bounds-check bypass via speculative execution

On Fri, Jan 05, 2018 at 05:10:48PM -0800, Dan Williams wrote: > Static analysis reports that 'handle' may be a user controlled value > that is used as a data dependency to read 'sp' from the > 'req->outstanding_cmds' array. In order to avoid potential leaks of > kernel memory values, block

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > Static analysis reports that 'offset' may be a user controlled value Can I see the rule that determined that? It does not feel like that is correct, given the 3+ levels deep that this function gets this value from... Same for the

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > Static analysis reports that 'offset' may be a user controlled value > that is used as a data dependency reading from a raw_frag_vec buffer. > In order to avoid potential leaks of kernel memory values, block > speculative execution of

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >On 1/5/18 4:09 PM, Jiri Pirko wrote: >> From: Jiri Pirko >> >> Currently the filters added to qdiscs are independent. So for example if you >> have 2 netdevices and you create ingress qdisc on both and you want to

[PATCH] mdio-sun4i: Fix a memory leak

If the probing of the regulator is deferred, the memory allocated by 'mdiobus_alloc_size()' will be leaking. It should be freed before the next call to 'sun4i_mdio_probe()' which will reallocate it. Fixes: 4bdcb1dd9feb ("net: Add MDIO bus driver for the Allwinner EMAC") Signed-off-by: Christophe

<    1   2