lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <386072610805150254p6161627er9f99910066287f2f@mail.gmail.com>
Date:	Thu, 15 May 2008 17:54:51 +0800
From:	"Bryan Wu" <cooloney@...nel.org>
To:	"Jie Zhang" <jie.zhang@...log.com>
Cc:	"Oliver Neukum" <oliver@...kum.org>, harvey.harrison@...il.com,
	david-b@...bell.net, greg@...ah.com, linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] [usb/host]: use get/put_unaligned_* helpers to fix more potential unaligned issues.

On Thu, May 15, 2008 at 5:15 PM, Jie Zhang <jie.zhang@...log.com> wrote:
> Oliver Neukum wrote:
>>
>> Am Donnerstag 15 Mai 2008 10:03:35 schrieb Jie Zhang:
>>>
>>> Oliver Neukum wrote:
>>>>
>>>> Am Donnerstag 15 Mai 2008 08:19:24 schrieb Bryan Wu:
>>>>>
>>>>> --- a/drivers/usb/host/uhci-hub.c
>>>>> +++ b/drivers/usb/host/uhci-hub.c
>>>>> @@ -253,7 +253,7 @@ static int uhci_hub_control(struct usb_hcd *hcd,
>>>>> u16 typeReq, u16 wValue,
>>>>>        switch (typeReq) {
>>>>>          case GetHubStatus:
>>>>> -               *(__le32 *)buf = cpu_to_le32(0);
>>>>> +               put_unaligned_le32(0, buf);
>>>>
>>>> What is supposed to make all these changes a good idea?
>>>>
>>> Since buf might not be 4-byte aligned.
>>
>> It is. Please analyze the code before you use these access methods.
>>
> You are right. buf has been 4-byte aligned since 2.6.19. My patch was
> written two years ago. Sorry for the noise I caused.
>

I has keeping this patch for a long time.  Jie fixed this patch at
2006/09/20 in our svn:
http://blackfin.uclinux.org/git/?p=readonly-mirrors/linux-kernel.git;a=commit;h=cb3da1243f84b37b53486c7e86da34565b4c5d92
http://blackfin.uclinux.org/git/?p=readonly-mirrors/linux-kernel.git;a=commit;h=2559298f0dca2cffc0b87390b92a484004f0d85e

And a similar patch from David Miller was accept in ohci-hub.c
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=92164c5dd1ade33f4e90b72e407910de6694de49

Also because of the same issue, which was fixed by:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=54bee6e1b455573658972510a76119f279db32b7

If other functions not only rh_call_control() call this hub_control()
pointer and the buf is not 4-byte aligned,
this bug will fire again without the unaligned API. This patch is
safer for the caller, although not efficient.

-Bryan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ