| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <25e5b2a5255b42ca92add0177fa4832d@AcuMS.aculab.com>
Date: Thu, 25 Oct 2018 16:03:35 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Colin King' <colin.king@...onical.com>,
Steve Wise <swise@...lsio.com>,
Doug Ledford <dledford@...hat.com>,
Jason Gunthorpe <jgg@...pe.ca>,
"linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>
CC: "kernel-janitors@...r.kernel.org" <kernel-janitors@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH] RDMA/cxgb3: Fix unintended sign extension
From: Colin King
> Sent: 25 October 2018 15:32
>
> From: Colin Ian King <colin.king@...onical.com>
>
> In the expression "utx_len << 28", utx_len starts as u8, but is promoted
> to a signed int, then sign-extended to u64. If utx_len is 0xf8 or greater
> then the sign extension will set all the upper bits of utx_cmd which is
> probably not what was intended. Cast to utx_len to u64 to avoid the sign
> extension.
RTFC...
utx_len is only ever 1, 2 or 3.
The 'problem' would arise if utx_len << 28 set the high bit.
This can only happen if utx_len is more than 7 (NFI where 0xf8 came from).
In any case the best fix is to use 'unsigned int' for wr_len and utx_len.
There is no point making local variable (or functions parameters/results)
smaller that 'int' unless you explicitly want the arithmetic to wrap.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists