lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 15 May 2008 14:19:14 +0200
From:	Oliver Neukum <oliver@...kum.org>
To:	"Bryan Wu" <cooloney@...nel.org>
Cc:	"Jie Zhang" <jie.zhang@...log.com>, harvey.harrison@...il.com,
	david-b@...bell.net, greg@...ah.com, linux-usb@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] [usb/host]: use get/put_unaligned_* helpers to fix more potential unaligned issues.

Am Donnerstag 15 Mai 2008 11:54:51 schrieb Bryan Wu:
> On Thu, May 15, 2008 at 5:15 PM, Jie Zhang <jie.zhang@...log.com> wrote:
> > Oliver Neukum wrote:
> >>
> >> Am Donnerstag 15 Mai 2008 10:03:35 schrieb Jie Zhang:
> >>>
> >>> Oliver Neukum wrote:
> >>>>
> >>>> Am Donnerstag 15 Mai 2008 08:19:24 schrieb Bryan Wu:
> >>>>>
> >>>>> --- a/drivers/usb/host/uhci-hub.c
> >>>>> +++ b/drivers/usb/host/uhci-hub.c
> >>>>> @@ -253,7 +253,7 @@ static int uhci_hub_control(struct usb_hcd *hcd,
> >>>>> u16 typeReq, u16 wValue,
> >>>>>        switch (typeReq) {
> >>>>>          case GetHubStatus:
> >>>>> -               *(__le32 *)buf = cpu_to_le32(0);
> >>>>> +               put_unaligned_le32(0, buf);
> >>>>
> >>>> What is supposed to make all these changes a good idea?
> >>>>
> >>> Since buf might not be 4-byte aligned.
> >>
> >> It is. Please analyze the code before you use these access methods.
> >>
> > You are right. buf has been 4-byte aligned since 2.6.19. My patch was
> > written two years ago. Sorry for the noise I caused.
> >
> 
> I has keeping this patch for a long time.  Jie fixed this patch at
> 2006/09/20 in our svn:
> http://blackfin.uclinux.org/git/?p=readonly-mirrors/linux-kernel.git;a=commit;h=cb3da1243f84b37b53486c7e86da34565b4c5d92
> http://blackfin.uclinux.org/git/?p=readonly-mirrors/linux-kernel.git;a=commit;h=2559298f0dca2cffc0b87390b92a484004f0d85e
> 
> And a similar patch from David Miller was accept in ohci-hub.c
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=92164c5dd1ade33f4e90b72e407910de6694de49
> 
> Also because of the same issue, which was fixed by:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=54bee6e1b455573658972510a76119f279db32b7
> 
> If other functions not only rh_call_control() call this hub_control()
> pointer and the buf is not 4-byte aligned,
> this bug will fire again without the unaligned API. This patch is
> safer for the caller, although not efficient.

This is not very nice. If we pass around unaligned pointers we should mark
those not catch errors later on.

	Regards
		Oliver
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ