lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 25 Feb 2020 16:20:17 +0530
From:   Shadab Naseem <snaseem@...eaurora.org>
To:     Mukesh Ojha <mojha@...eaurora.org>, srinivas.kandagatla@...aro.org
Cc:     linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
        neeraju@...eaurora.org
Subject: Re: [PATCH] nvmem: core: Fix msb clearing bits

Gentle reminder as it is easily reproducible in 32 bit targets.

Regards

-Shadab

On 2/14/2020 12:46 PM, Mukesh Ojha wrote:
>
> On 1/31/2020 6:13 PM, Shadab Naseem wrote:
>> When clearing the msb bits of the resultant buffer, it is
>> masked with the modulo of the number of bits needed with
>> respect to the BITS_PER_BYTE. To mask out the buffer,
>> it is passed though GENMASK of the remainder of the bits
>> starting from zeroth bit. This case is valid if nbits is not
>> a multiple of BITS_PER_BYTE and you are actually creating
>> a GENMASK. If the nbits coming is a multiple of BITS_PER_BYTE,
>> it would pass a negative value to the high bit number of
>> GENMASK with zero as the lower bit number.
>>
>> As per the definition of the GENMASK, the higher bit number (h)
>> is right operand for bitwise right shift. If the value of the
>> right operand is negative or is greater or equal to the number
>> of bits in the promoted left operand, the behavior is undefined.
>> So passing a negative value to GENMASK could behave differently
>> across architecture, specifically between 64 and 32 bit.
>> Also, on passing the hard-coded negative value as GENMASK(-1, 0)
>> is giving compiler warning for shift-count-overflow.
>> Hence making a check for clearing the MSB if the nbits are not
>> a multiple of BITS_PER_BYTE.
>>
>> Signed-off-by: Shadab Naseem <snaseem@...eaurora.org>
>> ---
>>   drivers/nvmem/core.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
>> index 1e4a798..23c1547 100644
>> --- a/drivers/nvmem/core.c
>> +++ b/drivers/nvmem/core.c
>> @@ -926,7 +926,8 @@ static void 
>> nvmem_shift_read_buffer_in_place(struct nvmem_cell *cell, void *buf)
>>           *p-- = 0;
>>         /* clear msb bits if any leftover in the last byte */
>> -    *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);
>> +    if (cell->nbits%BITS_PER_BYTE)
>> +        *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);
>
>
> LGTM..
>
> Reviewed-by: mojha@...eaurora.org
>
>
> Thanks
> Mukesh
>
>>   }
>>     static int __nvmem_cell_read(struct nvmem_device *nvmem,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ