lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170602204007.100d9d34@endymion>
Date:   Fri, 2 Jun 2017 20:40:07 +0200
From:   Jean Delvare <jdelvare@...e.de>
To:     Andy Shevchenko <andy.shevchenko@...il.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Mika Westerberg <mika.westerberg@...ux.intel.com>,
        Linus Walleij <linus.walleij@...aro.org>
Subject: Re: [PATCH] firmware: dmi: Check DMI structure length

On Thu, 1 Jun 2017 19:06:36 +0300, Andy Shevchenko wrote:
> On Thu, Jun 1, 2017 at 5:40 PM, Jean Delvare <jdelvare@...e.de> wrote:
> > On Thu, 1 Jun 2017 16:16:05 +0300, Andy Shevchenko wrote:  
> >> On Thu, Jun 1, 2017 at 4:08 PM, Jean Delvare <jdelvare@...e.de> wrote:  
> 
> >> > -       const u8 *d = (u8 *) dm + index;
> >> > +       const u8 *d;  
> >>  
> >> > +       d = (u8 *) dm + index;  
> >>
> >> I think you may leave this as is and make it compiler's burden to optimize.  
> >
> > Is there any benefit except making the patch smaller?  
> 
> Your commit message should answer to the question why and what.
> You didn't put it there.
> Moreover, the change above per se doesn't belong to this — one logical
> change per patch.

I'm confused. These changes totally belong to this patch. They belong
so much to it, that's the very reason why they are not described
separately in the commit message.

The purpose of the patch is to check that the records are large enough
to contain the fields we need to access. Setting a pointer beyond the
end of the record _before_ performing that check makes no sense.

I did not include these changes as performance optimizations, I
included them because they make the code conceptually correct. It's
even clearer for the last instance, as we are dereferencing the pointer
immediately, but in my opinion, even setting a pointer to a location
which may not exist is equally wrong and confusing for the reader.
That's why I moved that code after the length checks.

-- 
Jean Delvare
SUSE L3 Support

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ