| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Nov 2016 21:39:21 +0100
From: "Luis R. Rodriguez" <mcgrof@...nel.org>
To: Yves-Alexis Perez <corsac@...sac.net>
Cc: linux-kernel@...r.kernel.org,
Yves-Alexis Perez <corsac@...ian.org>,
Ming Lei <ming.lei@...onical.com>,
"Luis R. Rodriguez" <mcgrof@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Johannes Berg <johannes@...solutions.net>,
Jouni Malinen <j@...fi>, Kees Cook <keescook@...omium.org>,
Jiri Kosina <jkosina@...e.cz>, Jiri Slaby <jslaby@...e.com>,
Tom Gundersen <teg@...m.no>, Kay Sievers <kay@...y.org>,
Josh Boyer <jwboyer@...oraproject.org>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
Andy Lutomirski <luto@...capital.net>,
Harald Hoyer <harald@...hat.com>,
Seth Forshee <seth.forshee@...onical.com>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Daniel Wagner <wagi@...om.org>, stable@...r.kernel.org
Subject: Re: [PATCH] firmware: fix async/manual firmware loading
On Sun, Oct 30, 2016 at 03:50:48PM +0100, Yves-Alexis Perez wrote:
> From: Yves-Alexis Perez <corsac@...ian.org>
>
> wait_for_completion_interruptible_timeout() return value is either
> -ERESTARTSYS (in case it was interrupted), 0 (in case the timeout expired)
> or the number of jiffies left until timeout. The return value is stored in
> a long, but in _request_firmware_load() it's silently casted to an int,
> which can overflow and give a negative value, indicating an error.
>
> Fix this by re-using the timeout variable and only set retval when it's
> safe.
Please amend the commit log as I noted in the previous response, and
resend.
> Signed-off-by: Yves-Alexis Perez <corsac@...sac.net>
> Cc: Ming Lei <ming.lei@...onical.com>
> Cc: "Luis R. Rodriguez" <mcgrof@...nel.org>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Other than the commit log you can add on you resend:
Acked-by: Luis R. Rodriguez.
Modulo I don't personally thing this this is sable material but I'll let
Greg decide.
Luis
> Cc: stable@...r.kernel.org
>
> ---
> drivers/base/firmware_class.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
> index 22d1760..a95e1e5 100644
> --- a/drivers/base/firmware_class.c
> +++ b/drivers/base/firmware_class.c
> @@ -955,13 +955,14 @@ static int _request_firmware_load(struct firmware_priv *fw_priv,
> timeout = MAX_JIFFY_OFFSET;
> }
>
> - retval = wait_for_completion_interruptible_timeout(&buf->completion,
> + timeout = wait_for_completion_interruptible_timeout(&buf->completion,
> timeout);
> - if (retval == -ERESTARTSYS || !retval) {
> + if (timeout == -ERESTARTSYS || !timeout) {
> + retval = timeout;
> mutex_lock(&fw_lock);
> fw_load_abort(fw_priv);
> mutex_unlock(&fw_lock);
> - } else if (retval > 0) {
> + } else if (timeout > 0) {
> retval = 0;
> }
>
> --
> 2.10.1
>
>
--
Luis Rodriguez, SUSE LINUX GmbH
Maxfeldstrasse 5; D-90409 Nuernberg
Powered by blists - more mailing lists