lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 31 Jan 2020 18:13:55 +0530
From:   Shadab Naseem <snaseem@...eaurora.org>
To:     srinivas.kandagatla@...aro.org
Cc:     linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
        neeraju@...eaurora.org, Shadab Naseem <snaseem@...eaurora.org>
Subject: [PATCH] nvmem: core: Fix msb clearing bits

When clearing the msb bits of the resultant buffer, it is
masked with the modulo of the number of bits needed with
respect to the BITS_PER_BYTE. To mask out the buffer,
it is passed though GENMASK of the remainder of the bits
starting from zeroth bit. This case is valid if nbits is not
a multiple of BITS_PER_BYTE and you are actually creating
a GENMASK. If the nbits coming is a multiple of BITS_PER_BYTE,
it would pass a negative value to the high bit number of
GENMASK with zero as the lower bit number.

As per the definition of the GENMASK, the higher bit number (h)
is right operand for bitwise right shift. If the value of the
right operand is negative or is greater or equal to the number
of bits in the promoted left operand, the behavior is undefined.
So passing a negative value to GENMASK could behave differently
across architecture, specifically between 64 and 32 bit.
Also, on passing the hard-coded negative value as GENMASK(-1, 0)
is giving compiler warning for shift-count-overflow.
Hence making a check for clearing the MSB if the nbits are not
a multiple of BITS_PER_BYTE.

Signed-off-by: Shadab Naseem <snaseem@...eaurora.org>
---
 drivers/nvmem/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index 1e4a798..23c1547 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -926,7 +926,8 @@ static void nvmem_shift_read_buffer_in_place(struct nvmem_cell *cell, void *buf)
 		*p-- = 0;
 
 	/* clear msb bits if any leftover in the last byte */
-	*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);
+	if (cell->nbits%BITS_PER_BYTE)
+		*p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);
 }
 
 static int __nvmem_cell_read(struct nvmem_device *nvmem,
-- 
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
member of the Code Aurora Forum, hosted by The Linux Foundation

Powered by blists - more mailing lists