lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 07 Sep 2008 13:21:51 +0400
From:	Sergei Shtylyov <sshtylyov@...mvista.com>
To:	Masoud Sharbiani <masouds@...gle.com>
Cc:	bzolnier@...il.com, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org, linux-ide@...r.kernel.org
Subject: Re: [PATCH] Fix pointer arithmetic in hpt3xx driver code (3rd try)

Hello.

Masoud Sharbiani wrote:

> git commit 74811f355f4f69a187fa74892dcf2a684b84ce99 causes crash at
> module load (or boot) time on my machine with a hpt374 controller.
> The reason for this is that for initializing second controller which sets
> (hwif->dev == host->dev[1]) to true (1), adds 1 to a void ptr, which
> advances it by one byte instead of advancing it by sizeof(hpt_info) bytes.
> Because of this, all initialization functions get corrupted data in info
> variable which causes a crash at boot time.
>
> This patch fixes that and makes my machine boot again.
>   

   This description is better, thanks. You could also mention that 
you're factoring out the code to get to the 'struct hpt_info' into a 
separate function...

> Signed-Off-By: Masoud Sharbiani <masouds@...gle.com>
>
> diff --git a/drivers/ide/pci/hpt366.c b/drivers/ide/pci/hpt366.c
> index eb107ee..4eae284 100644
> --- a/drivers/ide/pci/hpt366.c
> +++ b/drivers/ide/pci/hpt366.c
> @@ -613,6 +613,14 @@ static int check_in_drive_list(ide_drive_t *drive, const char **list)
>  	return 0;
>  }
>  
> +static struct hpt_info *hpt3xx_get_info(struct device *dev)
> +{
> +	struct ide_host *host	= pci_get_drvdata(to_pci_dev(pci_dev));
>   

   Oops, this just won't compile. :-/
   And please re-consider passing 'struct pci_dev *' to this function 
since it's pre-calculated by the callers and is used by them otherwise 
in 5 (not even 4) cases out of 7.

> +	struct hpt_info *info	= (struct hpt_info *)host->host_priv;
> +
> +	return dev == host->dev[1] ? info + 1 : info;
>   

    The 'dev' here would turn into '&dev->dev' if the parameter type 
would be changed.

MBR, Sergei


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ