lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20190605094819.GB24282@kroah.com>
Date:   Wed, 5 Jun 2019 11:48:19 +0200
From:   "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
To:     Duyanlin <duyanlin@...wei.com>
Cc:     "shawnguo@...nel.org" <shawnguo@...nel.org>,
        "s.hauer@...gutronix.de" <s.hauer@...gutronix.de>,
        "kernel@...gutronix.de" <kernel@...gutronix.de>,
        "festevam@...il.com" <festevam@...il.com>,
        "linux-imx@....com" <linux-imx@....com>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Zengweilin <zengweilin@...wei.com>
Subject: Re: [PATCH] drivers/usb/host/imx21-hcd.c: fix divide-by-zero in func
 nonisoc_etd_done

On Wed, Jun 05, 2019 at 02:02:40AM +0000, Duyanlin wrote:
> 
> If the function usb_maxpacket(urb->dev, urb->pipe, usb_pipeout(urb->pipe)) returns 0, that will cause a illegal divide-by-zero operation, unexpected results may occur.
> It is best to ensure that the denominator is non-zero before dividing by zero.

Please wrap your changelog comments at 72 columns.

> Signed-off-by: Yanlin Du <duyanlin@...wei.com>

This name HAS to match the From: line of your email.  For that reason
alone I can not take this patch.

> ---
>  drivers/usb/host/imx21-hcd.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/usb/host/imx21-hcd.c b/drivers/usb/host/imx21-hcd.c index 6e3dad1..6a47f78 100644
> --- a/drivers/usb/host/imx21-hcd.c
> +++ b/drivers/usb/host/imx21-hcd.c
> @@ -1038,6 +1038,7 @@ static void nonisoc_etd_done(struct usb_hcd *hcd, int etd_num)
>  	int cc;
>  	u32 bytes_xfrd;
>  	int etd_done;
> +	unsigned int maxp;
>  
>  	disactivate_etd(imx21, etd_num);
>  
> @@ -1104,13 +1105,13 @@ static void nonisoc_etd_done(struct usb_hcd *hcd, int etd_num)
>  		break;
>  
>  	case PIPE_BULK:
> +		maxp = usb_maxpacket(urb->dev, urb->pipe,
> +				usb_pipeout(urb->pipe));

How can this ever be 0?  Don't we abort a lot earlier if a pipe length
is 0?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ