lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200414082635.jo5yljonh5xgnujd@pengutronix.de>
Date:   Tue, 14 Apr 2020 10:26:35 +0200
From:   Uwe Kleine-König 
        <u.kleine-koenig@...gutronix.de>
To:     peng.fan@....com
Cc:     shawnguo@...nel.org, s.hauer@...gutronix.de,
        jassisinghbrar@...il.com, o.rempel@...gutronix.de,
        leonard.crestez@....com, aisheng.dong@....com, Anson.Huang@....com,
        linux-kernel@...r.kernel.org, linux-imx@....com,
        kernel@...gutronix.de, festevam@...il.com,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH] mailbox: imx-mailbox: fix scu msg header size check

On Tue, Apr 14, 2020 at 04:10:26PM +0800, peng.fan@....com wrote:
> From: Peng Fan <peng.fan@....com>
> 
> The i.MX8 SCU message header size is the number of "u32" elements,
> not "u8", so fix the check.
> 
> Reported-by: coverity-bot <keescook+coverity-bot@...omium.org>
> Addresses-Coverity-ID: 1461658 ("Memory - corruptions")
> Signed-off-by: Peng Fan <peng.fan@....com>
> ---
> 
> V2:
>  I not include the fixes tag, since this patch still in next tree.
> 
>  drivers/mailbox/imx-mailbox.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c
> index 7906624a731c..c2398cb63ea0 100644
> --- a/drivers/mailbox/imx-mailbox.c
> +++ b/drivers/mailbox/imx-mailbox.c
> @@ -154,12 +154,12 @@ static int imx_mu_scu_tx(struct imx_mu_priv *priv,
>  
>  	switch (cp->type) {
>  	case IMX_MU_TYPE_TX:
> -		if (msg->hdr.size > sizeof(*msg)) {
> +		if (msg->hdr.size > (sizeof(*msg) / 4)) {

No need for the parenthesis. Maybe a comment would be helpful here,
something like:

	/*
	 * msg->hdr.size specifies the number of u32 words while sizeof
	 * yields bytes.
	 */

>  			/*
>  			 * The real message size can be different to
>  			 * struct imx_sc_rpc_msg_max size
>  			 */
> -			dev_err(priv->dev, "Exceed max msg size (%zu) on TX, got: %i\n", sizeof(*msg), msg->hdr.size);
> +			dev_err(priv->dev, "Exceed max msg size (%zu) on TX, got: %i\n", sizeof(*msg) / 4, msg->hdr.size);

The unit here is also "number of u32 words", maybe bytes is more
natural? And I suggesting specifying the unit in the error message.

Best regards
Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-König            |
Industrial Linux Solutions                 | https://www.pengutronix.de/ |

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ