lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150216132302.GO9110@finisterre.sirena.org.uk>
Date:	Mon, 16 Feb 2015 22:23:02 +0900
From:	Mark Brown <broonie@...nel.org>
To:	Ian Abbott <abbotti@....co.uk>
Cc:	linux-spi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] spi: spidev: only use up TX/RX bounce buffer space when
 needed

On Mon, Feb 16, 2015 at 10:18:01AM +0000, Ian Abbott wrote:
> On 16/02/15 04:13, Mark Brown wrote:

> >Right, but it's not clear if you mean that this is something to do with
> >the device drivers for SPI controllers or spidev itself.

> Okay, how about if I used the term "spidev device" to distinguish it from
> the lower-level SPI device?

Or just spidev.

> >>Yes, the patch limits the total user-specified TX data and the total
> >>user-specified RX data to the pre-allocated buffer size individually rather
> >>than limiting the total sum of user RX and TX data.

> >Your commit message needs to say this rather than requiring the user to
> >reverse engineer it from the code - a key part of reviewing a code
> >change is making sure that it does what the commit message says that it
> >does to make sure that it is having the indended effect.

> I thought it said that (somewhat clumsily) in the first paragraph.

Not really, it repeats the what that can be seen from the code but
doesn't explain what the goal of the change is supposed to be.  This
means it's not really possible to tell if that goal is being achieved.

> >>The check against INT_MAX is there because a struct spi_ioc_transfer might
> >>have rx_buf==NULL, tx_buf==NULL and len!=0, in which case it would no longer
> >>use up space in either of the pre-allocated buffers so neither rx_total nor
> >>tx_total would increase.  Checking the sum of the len fields against INT_MAX
> >>prevents arithmetic overflow in the return value of the function.

> >If that's what the code is supposed to do then someone reading the code
> >needs to be able to tell that without too much effort, I'd not expect
> >that to be possible as things are.  Maintainability is very important.

> There was a whole paragraph about that in the commit message, but maybe it
> was too concise.

The commit message is not the code.  The code itself needs to be clear,
and even based on what's in the commit message it's not terribly obvious
(and with the above the return value that will be overflowed doesn't
jump out).

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ