lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 30 Apr 2020 09:12:35 -0600
From:   Jeffrey Hugo <jhugo@...eaurora.org>
To:     Bhaumik Bhatt <bbhatt@...eaurora.org>, mani@...nel.org
Cc:     linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
        hemantk@...eaurora.org
Subject: Re: [PATCH v3 9/9] bus: mhi: core: Ensure non-zero session or
 sequence ID values

On 4/29/2020 2:52 PM, Bhaumik Bhatt wrote:
> While writing any sequence or session identifiers, it is possible that
> the host could write a zero value, whereas only non-zero values are
> supported writes to those registers. Ensure that host does not write a
> non-zero value for those cases.
> 
> Signed-off-by: Bhaumik Bhatt <bbhatt@...eaurora.org>
> ---
>   drivers/bus/mhi/core/boot.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/bus/mhi/core/boot.c b/drivers/bus/mhi/core/boot.c
> index 0bc9c50..c9971d4 100644
> --- a/drivers/bus/mhi/core/boot.c
> +++ b/drivers/bus/mhi/core/boot.c
> @@ -199,6 +199,9 @@ static int mhi_fw_load_amss(struct mhi_controller *mhi_cntrl,
>   	mhi_write_reg(mhi_cntrl, base, BHIE_TXVECSIZE_OFFS, mhi_buf->len);
>   
>   	sequence_id = prandom_u32() & BHIE_TXVECSTATUS_SEQNUM_BMSK;
> +	if (unlikely(!sequence_id))
> +		sequence_id = 1;

Seems like you could use prandom_u32_max(), and add 1 to the result to 
eliminate the conditional.  What do you think?

> +
>   	mhi_write_reg_field(mhi_cntrl, base, BHIE_TXVECDB_OFFS,
>   			    BHIE_TXVECDB_SEQNUM_BMSK, BHIE_TXVECDB_SEQNUM_SHFT,
>   			    sequence_id);
> @@ -254,6 +257,9 @@ static int mhi_fw_load_sbl(struct mhi_controller *mhi_cntrl,
>   		      lower_32_bits(dma_addr));
>   	mhi_write_reg(mhi_cntrl, base, BHI_IMGSIZE, size);
>   	session_id = prandom_u32() & BHI_TXDB_SEQNUM_BMSK;
> +	if (unlikely(!session_id))
> +		session_id = 1;
> +
>   	mhi_write_reg(mhi_cntrl, base, BHI_IMGTXDB, session_id);
>   	read_unlock_bh(pm_lock);
>   
> 


-- 
Jeffrey Hugo
Qualcomm Technologies, Inc. is a member of the
Code Aurora Forum, a Linux Foundation Collaborative Project.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ