Re: [PATCH 1/2] x86/setup_data: validate indirect entry sizes before dereferencing them
From: Pengpeng Hou
Date: Sun Apr 05 2026 - 10:08:43 EST
Hi Boris,
You're right to press on the threat model here.
I do not have a compelling scenario for this series that avoids already
privileged control over the boot-time state. The `setup_data` chain is boot
metadata coming from the bootloader / kexec handoff / virtualized boot path,
so this is better characterized as a robustness issue against malformed
setup_data than as a meaningful security boundary for an unprivileged
attacker.
So while I still think the size assumptions are too strong in these callers,
I do not think I have a strong enough answer to "why should x86 care?" in the
way you are asking.
I will drop the whole series.
Thanks,
Pengpeng
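As an added illustration of the kind of check the series' subject line refers to (this is example code written for this page, not the patch itself and not kernel code), the walker below runs over a constructed in-memory setup_data chain modeled on the uapi `struct setup_data` / `struct setup_indirect` layout and refuses to read a `setup_indirect` out of a payload shorter than the struct. Assumptions specific to the example: `next` is an offset into the buffer rather than a physical address, the `MAX_ENTRIES` cap and the error codes are invented here, and the scenario helpers build their own sample chains.

```c
/* Added example, not from the patch series or the kernel: walk a setup_data
 * chain with explicit bounds checks before each dereference. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SETUP_INDIRECT (1U << 31)   /* type value of an indirect entry (uapi) */
#define MAX_ENTRIES    64           /* assumption of this example: loop guard */

struct setup_data {                 /* layout as in uapi/asm/bootparam.h */
    uint64_t next;
    uint32_t type;
    uint32_t len;
    uint8_t  data[];
};

struct setup_indirect {             /* payload of a SETUP_INDIRECT entry */
    uint32_t type;
    uint32_t reserved;
    uint64_t len;
    uint64_t addr;
};

enum {
    WALK_OK = 0,
    WALK_BAD_HEADER = -1,     /* header does not fit in the buffer */
    WALK_BAD_PAYLOAD = -2,    /* hdr.len runs past the buffer */
    WALK_SHORT_INDIRECT = -3, /* indirect entry shorter than struct setup_indirect */
    WALK_TOO_MANY = -4,       /* chain longer than MAX_ENTRIES (loop or garbage) */
};

/* Assumption: 'next' is an offset into buf; 0 terminates the chain. */
int walk_setup_data(const uint8_t *buf, size_t buf_len, uint64_t first,
                    unsigned *indirect_seen)
{
    uint64_t off = first;
    unsigned hops = 0;

    *indirect_seen = 0;
    while (off != 0) {
        struct setup_data hdr;

        if (++hops > MAX_ENTRIES)
            return WALK_TOO_MANY;
        /* the 16-byte header itself must lie inside the buffer */
        if (off > buf_len || buf_len - off < sizeof(hdr))
            return WALK_BAD_HEADER;
        memcpy(&hdr, buf + off, sizeof(hdr));
        /* the payload the header claims must also fit */
        if (buf_len - off - sizeof(hdr) < hdr.len)
            return WALK_BAD_PAYLOAD;

        if (hdr.type == SETUP_INDIRECT) {
            struct setup_indirect ind;

            /* the size check the subject line is about: do not read a
             * struct setup_indirect out of a payload that is smaller */
            if (hdr.len < sizeof(ind))
                return WALK_SHORT_INDIRECT;
            memcpy(&ind, buf + off + sizeof(hdr), sizeof(ind));
            (void)ind; /* a real consumer would now map ind.addr / ind.len */
            (*indirect_seen)++;
        }
        off = hdr.next;
    }
    return WALK_OK;
}

/* Helper to build constructed sample chains: write one entry at 'off'. */
static void put_entry(uint8_t *buf, size_t off, uint32_t type, uint32_t len,
                      const void *payload, uint64_t next)
{
    struct setup_data hdr = { .next = next, .type = type, .len = len };

    memcpy(buf + off, &hdr, sizeof(hdr));
    if (len)
        memcpy(buf + off + sizeof(hdr), payload, len);
}

int scenario_wellformed(unsigned *seen)
{
    uint8_t buf[256] = {0};
    uint8_t pl[4] = {1, 2, 3, 4};
    struct setup_indirect ind = { .type = SETUP_INDIRECT | 1, .reserved = 0,
                                  .len = 16, .addr = 0x1000 };

    put_entry(buf, 64, SETUP_INDIRECT, sizeof(ind), &ind, 0);
    put_entry(buf, 16, 1, sizeof(pl), pl, 64);
    return walk_setup_data(buf, sizeof(buf), 16, seen);
}

int scenario_short_indirect(unsigned *seen)
{
    uint8_t buf[256] = {0};
    uint8_t eight[8] = {0}; /* claims SETUP_INDIRECT with only 8 payload bytes */

    put_entry(buf, 16, SETUP_INDIRECT, sizeof(eight), eight, 0);
    return walk_setup_data(buf, sizeof(buf), 16, seen);
}

int scenario_truncated(unsigned *seen)
{
    uint8_t buf[64] = {0};
    struct setup_data hdr = { .next = 0, .type = 1, .len = 1000 }; /* past end */

    memcpy(buf + 16, &hdr, sizeof(hdr));
    return walk_setup_data(buf, sizeof(buf), 16, seen);
}

int scenario_loop(unsigned *seen)
{
    uint8_t buf[64] = {0};

    put_entry(buf, 16, 1, 0, NULL, 16); /* entry points back at itself */
    return walk_setup_data(buf, sizeof(buf), 16, seen);
}

int main(void)
{
    unsigned seen;

    printf("wellformed: %d (indirect entries: %u)\n", scenario_wellformed(&seen), seen);
    printf("short indirect: %d\n", scenario_short_indirect(&seen));
    printf("truncated payload: %d\n", scenario_truncated(&seen));
    printf("self loop: %d\n", scenario_loop(&seen));
    return 0;
}
```

The point of copying headers out with `memcpy` rather than casting `buf + off` is that the buffer is untrusted bytes; every length read from it is checked against the remaining buffer before it is used as a size, and the indirect payload is only interpreted once it is known to be at least `sizeof(struct setup_indirect)` long.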