lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <623c100dc1850c8d8f9a6412d7153fd1@codeaurora.org>
Date:   Mon, 04 May 2020 19:32:41 -0700
From:   bbhatt@...eaurora.org
To:     Jeffrey Hugo <jhugo@...eaurora.org>
Cc:     mani@...nel.org, linux-arm-msm@...r.kernel.org,
        linux-kernel@...r.kernel.org, hemantk@...eaurora.org
Subject: Re: [PATCH v4 8/8] bus: mhi: core: Ensure non-zero session or
 sequence ID values are used

On 2020-05-04 07:33, Jeffrey Hugo wrote:
> On 5/1/2020 8:32 PM, Bhaumik Bhatt wrote:
>> While writing any sequence or session identifiers, it is possible that
>> the host could write a zero value, whereas only non-zero values should
>> be supported writes to those registers. Ensure that the host does not
>> write a non-zero value for them and also log them in debug messages.
>> 
>> Suggested-by: Jeffrey Hugo <jhugo@...eaurora.org>
>> Signed-off-by: Bhaumik Bhatt <bbhatt@...eaurora.org>
>> ---
>>   drivers/bus/mhi/core/boot.c     | 15 +++++++--------
>>   drivers/bus/mhi/core/internal.h |  1 +
>>   2 files changed, 8 insertions(+), 8 deletions(-)
>> 
>> diff --git a/drivers/bus/mhi/core/boot.c b/drivers/bus/mhi/core/boot.c
>> index e5fcde1..9fe9c59 100644
>> --- a/drivers/bus/mhi/core/boot.c
>> +++ b/drivers/bus/mhi/core/boot.c
>> @@ -43,10 +43,7 @@ void mhi_rddm_prepare(struct mhi_controller 
>> *mhi_cntrl,
>>   		      lower_32_bits(mhi_buf->dma_addr));
>>     	mhi_write_reg(mhi_cntrl, base, BHIE_RXVECSIZE_OFFS, 
>> mhi_buf->len);
>> -	sequence_id = prandom_u32() & BHIE_RXVECSTATUS_SEQNUM_BMSK;
>> -
>> -	if (unlikely(!sequence_id))
>> -		sequence_id = 1;
>> +	sequence_id = (MHI_RANDOM_U32_NONZERO & 
>> BHIE_RXVECSTATUS_SEQNUM_BMSK);
> 
> I don't think this math works.  For example, if MHI_RANDOM_U32_NONZERO
> is 0x0FF0, and BHIE_RXVECSTATUS_SEQNUM_BMSK is 0xF, then sequence_id
> will end up being 0.

In this case, SEQNUM BMSK is set to 0x3FFFFFFF so this change will still 
work as
we only supplied a non-zero number macro to AND with the mask.
However, I agree that may not be the case always that we would know the 
bitmask
in advance so it is better to fix it for good.

Thanks for the catch! I have updated the change to have the macro take 
the
bitmask as a parameter and output a non-zero value.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ