lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 14 Dec 2017 14:32:30 +0100
From:   Niklas Cassel <niklas.cassel@...s.com>
To:     Bjorn Helgaas <helgaas@...nel.org>
Cc:     linux-pci@...r.kernel.org, kishon@...com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 0/3] Fix find_first_zero_bit() usage

On Wed, Dec 13, 2017 at 03:59:25PM -0600, Bjorn Helgaas wrote:
> On Tue, Dec 12, 2017 at 03:16:31PM +0100, Niklas Cassel wrote:
> > find_first_zero_bit()'s parameter 'size' is defined in bits,
> > not in bytes.
> > 
> > Calling find_first_zero_bit() with the wrong size unit
> > will lead to insidious bugs.
> > 
> > Fix all uses of find_first_zero_bit() called with
> > sizeof() as size argument in drivers/pci.
> > 
> > Also had to fix broken error handling in pci_epc_epf_link()
> > in order to do proper error handling for find_first_zero_bit().
> > 
> > Niklas Cassel (3):
> >   PCI: designware-ep: Fix find_first_zero_bit() usage
> >   PCI: endpoint: Fix error handling in pci_epc_epf_link()
> >   PCI: endpoint: Fix find_first_zero_bit() usage
> > 
> >  drivers/pci/dwc/pcie-designware-ep.c | 34 ++++++++++++++++++++++++++--------
> >  drivers/pci/dwc/pcie-designware.h    |  8 ++++++--
> >  drivers/pci/endpoint/pci-ep-cfs.c    | 13 ++++++++-----
> >  3 files changed, 40 insertions(+), 15 deletions(-)
> 
> In the interest of making forward progress, I applied these to
> for-linus for v4.15.
> 
> The issues apparently have been there since v4.12-rc1, but I guess
> this is proposed for for-linus because (a) it fixes insidious bugs
> and (b) the endpoint framework is relatively little-used yet so
> low-risk.  Right?
> 

Hello Bjorn,

As far as I know, dra7xx is the only in-tree user of the endpoint
framework. Therefore, I see no real need to rush these patches.

One benefit of sending them to v4.15 would be if anyone starts
developing endpoint support for their driver (with v4.15 as a base),
we eliminate the risk that they might get hit by these bugs, and
potentially waste time finding bugs that have already been found.

Please note that Kishon had some last minute review comments,
so I had to submit a V5 of the patch series.

Regards,
Niklas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ