| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 01 May 2020 19:38:52 -0700
From: bbhatt@...eaurora.org
To: Jeffrey Hugo <jhugo@...eaurora.org>
Cc: mani@...nel.org, linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org, hemantk@...eaurora.org,
linux-arm-msm-owner@...r.kernel.org
Subject: Re: [PATCH v3 6/9] bus: mhi: core: WARN_ON for malformed vector table
On 2020-04-30 08:02, Jeffrey Hugo wrote:
> On 4/29/2020 2:52 PM, Bhaumik Bhatt wrote:
>> Add a bounds check in the firmware copy routine to exit if a malformed
>> vector table is found while attempting to load the firmware in to the
>> BHIe vector table.
>>
>> Signed-off-by: Bhaumik Bhatt <bbhatt@...eaurora.org>
>> ---
>> drivers/bus/mhi/core/boot.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/drivers/bus/mhi/core/boot.c b/drivers/bus/mhi/core/boot.c
>> index 17c636b..bc70edc 100644
>> --- a/drivers/bus/mhi/core/boot.c
>> +++ b/drivers/bus/mhi/core/boot.c
>> @@ -362,8 +362,14 @@ static void mhi_firmware_copy(struct
>> mhi_controller *mhi_cntrl,
>> int i = 0;
>> struct mhi_buf *mhi_buf = img_info->mhi_buf;
>> struct bhi_vec_entry *bhi_vec = img_info->bhi_vec;
>> + struct device *dev = &mhi_cntrl->mhi_dev->dev;
>> while (remainder) {
>> + if (WARN_ON(i >= img_info->entries)) {
>> + dev_err(dev, "Malformed vector table\n");
>
> I feel like this message needs more detail. At a minimum, I think it
> should indicate what vector table (BHIe). I think if you can identify
> what file, etc the the glitch is in, that would be better. Maybe some
> detail about i and img_info->entries.
>
> If I see this error message, I should have enough information to
> immediately debug the issue. If it tells enough to go directly into
> the firmware file and have a look at entry X to see what might be
> corrupt about it, that makes my debugging very efficient. If I have
> to go back to the code to figure out what "Malformed vector table"
> means, and then maybe apply a patch to get more data about the error -
> the error message is not as useful as it should be.
>
I plan on dropping this patch as it looks like an unnecessary check
since we
will always rely on the firmware->size from the request_firmware() API
in order
to calculate the img_info->entries (or we can call it the number of
segments, in
our case). And we will never fail in the if loop as values will already
be
bounded.
>> + return;
>> + }
>> +
>> to_cpy = min(remainder, mhi_buf->len);
>> memcpy(mhi_buf->buf, buf, to_cpy);
>> bhi_vec->dma_addr = mhi_buf->dma_addr;
>>
Powered by blists - more mailing lists