| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190701122158.GE8166@8bytes.org>
Date: Mon, 1 Jul 2019 14:21:59 +0200
From: Joerg Roedel <joro@...tes.org>
To: Nicolin Chen <nicoleotsuka@...il.com>
Cc: robin.murphy@....com, iommu@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iommu/dma: Fix calculation overflow in __finalise_sg()
On Fri, Jun 21, 2019 at 09:38:14PM -0700, Nicolin Chen wrote:
> The max_len is a u32 type variable so the calculation on the
> left hand of the last if-condition will potentially overflow
> when a cur_len gets closer to UINT_MAX -- note that there're
> drivers setting max_seg_size to UINT_MAX:
> drivers/dma/dw-edma/dw-edma-core.c:745:
> dma_set_max_seg_size(dma->dev, U32_MAX);
> drivers/dma/dma-axi-dmac.c:871:
> dma_set_max_seg_size(&pdev->dev, UINT_MAX);
> drivers/mmc/host/renesas_sdhi_internal_dmac.c:338:
> dma_set_max_seg_size(dev, 0xffffffff);
> drivers/nvme/host/pci.c:2520:
> dma_set_max_seg_size(dev->dev, 0xffffffff);
>
> So this patch just casts the cur_len in the calculation to a
> size_t type to fix the overflow issue, as it's not necessary
> to change the type of cur_len after all.
>
> Fixes: 809eac54cdd6 ("iommu/dma: Implement scatterlist segment merging")
> Cc: stable@...r.kernel.org
> Signed-off-by: Nicolin Chen <nicoleotsuka@...il.com>
Looks good to me, but I let Robin take a look too before I apply it,
Robin?
Powered by blists - more mailing lists