lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Mar 2023 01:48:12 +0100 From: Mauro Carvalho Chehab <mchehab@...nel.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>, Kees Cook <keescook@...omium.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Jens Axboe <axboe@...nel.dk>, Nathan Chancellor <nathan@...nel.org>, "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>, clang-built-linux <llvm@...ts.linux.dev>, linux-hardening@...r.kernel.org, Sylwester Nawrocki <s.nawrocki@...sung.com>, Marek Szyprowski <m.szyprowski@...sung.com>, Sakari Ailus <sakari.ailus@...ux.intel.com>, linux-media@...r.kernel.org Subject: Re: [GIT PULL] Block fixes for 6.3-rc3 Em Fri, 17 Mar 2023 13:51:17 -0700 Linus Torvalds <torvalds@...ux-foundation.org> escreveu: > On Fri, Mar 17, 2023 at 1:42 PM Miguel Ojeda > <miguel.ojeda.sandonis@...il.com> wrote: > > > > It is comparing against just the `.code` in the `m5mols_default_ffmt` > > table, i.e. the `MEDIA_BUS_FMT_VYUY8_2X8` (8199 = 0x2007) and > > `MEDIA_BUS_FMT_JPEG_1X8` (16385 = 0x4001), see > > Yeah, I see what it's doing. > > But: > > > If the condition had `++type` instead, it would not be a problem, > > because the loop stops before we go into the out of bounds access thus > > no UB. > > Yeah, but clang really should have generated a proper third iteration, > which calls that "out of bounds" case, and then returns, instead fo > falling off the end. > > I do think that on the kernel side, the fix is to just change > > } while (type++ != SIZE_DEFAULT_FFMT); > > to > > } while (++type != SIZE_DEFAULT_FFMT); Yeah, that seems to be the right fix to me too. Ack on such change: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=efbcbb12ee99f750c9f25c873b55ad774871de2a Regards, Mauro > > but I would *really* like clang to be fixed to not silently generate > code that does insane things and would be basically impossible to > debug if it ever triggers. > > We would have spent a *lot* of time wondering how the heck we Oopsed > in m5mols_get_frame_desc(). > > Linus > Thanks, Mauro
Powered by blists - more mailing lists