lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 01 May 2020 19:33:03 -0700
From:   bbhatt@...eaurora.org
To:     Jeffrey Hugo <jhugo@...eaurora.org>
Cc:     mani@...nel.org, linux-arm-msm@...r.kernel.org,
        linux-kernel@...r.kernel.org, hemantk@...eaurora.org,
        linux-kernel-owner@...r.kernel.org
Subject: Re: [PATCH v3 9/9] bus: mhi: core: Ensure non-zero session or
 sequence ID values

On 2020-04-30 08:12, Jeffrey Hugo wrote:
> On 4/29/2020 2:52 PM, Bhaumik Bhatt wrote:
>> While writing any sequence or session identifiers, it is possible that
>> the host could write a zero value, whereas only non-zero values are
>> supported writes to those registers. Ensure that host does not write a
>> non-zero value for those cases.
>> 
>> Signed-off-by: Bhaumik Bhatt <bbhatt@...eaurora.org>
>> ---
>>   drivers/bus/mhi/core/boot.c | 6 ++++++
>>   1 file changed, 6 insertions(+)
>> 
>> diff --git a/drivers/bus/mhi/core/boot.c b/drivers/bus/mhi/core/boot.c
>> index 0bc9c50..c9971d4 100644
>> --- a/drivers/bus/mhi/core/boot.c
>> +++ b/drivers/bus/mhi/core/boot.c
>> @@ -199,6 +199,9 @@ static int mhi_fw_load_amss(struct mhi_controller 
>> *mhi_cntrl,
>>   	mhi_write_reg(mhi_cntrl, base, BHIE_TXVECSIZE_OFFS, mhi_buf->len);
>>     	sequence_id = prandom_u32() & BHIE_TXVECSTATUS_SEQNUM_BMSK;
>> +	if (unlikely(!sequence_id))
>> +		sequence_id = 1;
> 
> Seems like you could use prandom_u32_max(), and add 1 to the result to
> eliminate the conditional.  What do you think?
> 

Agreed. Done using an internal macro in those places.

>> +
>>   	mhi_write_reg_field(mhi_cntrl, base, BHIE_TXVECDB_OFFS,
>>   			    BHIE_TXVECDB_SEQNUM_BMSK, BHIE_TXVECDB_SEQNUM_SHFT,
>>   			    sequence_id);
>> @@ -254,6 +257,9 @@ static int mhi_fw_load_sbl(struct mhi_controller 
>> *mhi_cntrl,
>>   		      lower_32_bits(dma_addr));
>>   	mhi_write_reg(mhi_cntrl, base, BHI_IMGSIZE, size);
>>   	session_id = prandom_u32() & BHI_TXDB_SEQNUM_BMSK;
>> +	if (unlikely(!session_id))
>> +		session_id = 1;
>> +
>>   	mhi_write_reg(mhi_cntrl, base, BHI_IMGTXDB, session_id);
>>   	read_unlock_bh(pm_lock);
>> 

Powered by blists - more mailing lists