| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f5029323-9b3b-1c66-3c89-c3230d5a24ea@linux.intel.com>
Date: Wed, 23 Oct 2019 13:05:54 +0300
From: Mathias Nyman <mathias.nyman@...ux.intel.com>
To: Samuel Holland <samuel@...lland.org>,
Mathias Nyman <mathias.nyman@...el.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH] usb: xhci: fix Immediate Data Transfer endianness
On 20.10.2019 4.53, Samuel Holland wrote:
> The arguments to queue_trb are always byteswapped to LE for placement in
> the ring, but this should not happen in the case of immediate data; the
> bytes copied out of transfer_buffer are already in the correct order.
> Add a complementary byteswap so the bytes end up in the ring correctly.
>
> This was observed on BE ppc64 with a "Texas Instruments TUSB73x0
> SuperSpeed USB 3.0 xHCI Host Controller [104c:8241]" as a ch341
> usb-serial adapter ("1a86:7523 QinHeng Electronics HL-340 USB-Serial
> adapter") always transmitting the same character (generally NUL) over
> the serial link regardless of the key pressed.
>
Thanks, nice catch.
It's unfortunate that we ended up with a situation where this fix is the
least intrusive one.
With IDT we would just want to memcpy() bytes an not care about endianness,
but on BE we end up storing data bytes in a u64, and start with a complementary u64
byteswap to counter a later u32 byteswap done after splitting the u64 to upper
and lower 32 bit parts.
This because that TRB field is normally used for 64bit data buffer pointers,
and all code is written to support that
adding to queue
-Mathias
Powered by blists - more mailing lists