lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAOMqctQ3Asj+-onsAs7R-LBBth6Pf-D55yBPKwk5Z2bVVeQHVg@mail.gmail.com>
Date:	Thu, 21 May 2015 10:33:09 +0200
From:	Michal Suchanek <hramrach@...il.com>
To:	Brian Norris <computersforpeace@...il.com>
Cc:	David Woodhouse <dwmw2@...radead.org>,
	"Rafa?? Mi??ecki" <zajec5@...il.com>, Marek Vasut <marex@...x.de>,
	Alison Chaiken <alison_chaiken@...tor.com>,
	Ben Hutchings <ben@...adent.org.uk>,
	Geert Uytterhoeven <geert+renesas@...der.be>,
	"Bean Huo (beanhuo)" <beanhuo@...ron.com>,
	"grmoore@...era.com" <grmoore@...era.com>,
	linux-mtd@...ts.infradead.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/3] MTD: m25p80: fix write return value.

Hello,

On 21 May 2015 at 01:45, Brian Norris <computersforpeace@...il.com> wrote:
> On Thu, Apr 30, 2015 at 03:33:47PM +0200, Michal Suchanek wrote:
>> The 'retlen' points to a variable representing the number of data bytes
>> written/read (see include/linux/mtd/mtd.h) by the current invocation of
>> the function. This variable must be set, not incremented.
>>
>> v2: clearer commit message
>>
>> Signed-off-by: Michal Suchanek <hramrach@...il.com>
>> Acked-by: Marek Vasut <marex@...x.de>
>> ---
>>  drivers/mtd/devices/m25p80.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/mtd/devices/m25p80.c b/drivers/mtd/devices/m25p80.c
>> index 7c8b169..0b2bc21 100644
>> --- a/drivers/mtd/devices/m25p80.c
>> +++ b/drivers/mtd/devices/m25p80.c
>> @@ -102,7 +102,7 @@ static void m25p80_write(struct spi_nor *nor, loff_t to, size_t len,
>>
>>       spi_sync(spi, &m);
>>
>> -     *retlen += m.actual_length - cmd_sz;
>> +     *retlen = m.actual_length - cmd_sz;
>
> This is very wrong. It gets a little better once you add your next
> patches (which are also not good) since those patches reinterpret the
> usage of retlen, but this one definitely does *not* stand a lone.
>
> I'll admit the API is a little odd here, but the callers of this
> function (see spi_nor_write()) actually depend on calling this multiple
> times, with the value incrementing each time so we get a summary total.
> You're now clobbering this value.
>
> I'm willing to accept patches to improve this API, if you think that
> would help. Or to add comments that document this.

Yes, the only user of the retlen value ignores it but passes it on so
without the following patch this one makes the passed on value
different from before.

For m25p80 this would be fixed by truncating the write in the driver
and setting actual_length appropriately rather than returning an error
when the message is too long. It might possibly break other drivers,
though.

Thanks

Michal
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ