lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ef9c1c27-b643-94b7-9f06-27e86f0a35ef@embeddedor.com>
Date:   Thu, 23 Jul 2020 12:01:54 -0500
From:   "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To:     Tomas Winkler <tomas.winkler@...el.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Alexander Usyskin <alexander.usyskin@...el.com>,
        linux-kernel@...r.kernel.org,
        "Gustavo A . R . Silva" <gustavoars@...nel.org>,
        Arnd Bergmann <arnd@...db.de>
Subject: Re: [char-misc-next 1/6] mei: hbm: use sizeof of variable instead of
 struct type



On 7/23/20 09:59, Tomas Winkler wrote:
> There is a possibility of bug when variable type has changed but
> corresponding struct passed to the sizeof has not.
> 
> Cc: Gustavo A. R. Silva <gustavoars@...nel.org>
> Signed-off-by: Tomas Winkler <tomas.winkler@...el.com>
Reviewed-by: Gustavo A. R. Silva <gustavoars@...nel.org>

Thanks
--
Gustavo

> ---
>  drivers/misc/mei/hbm.c | 74 ++++++++++++++++++------------------------
>  1 file changed, 32 insertions(+), 42 deletions(-)
> 
> diff --git a/drivers/misc/mei/hbm.c b/drivers/misc/mei/hbm.c
> index a44094cdbc36..308caee86920 100644
> --- a/drivers/misc/mei/hbm.c
> +++ b/drivers/misc/mei/hbm.c
> @@ -1,6 +1,6 @@
>  // SPDX-License-Identifier: GPL-2.0
>  /*
> - * Copyright (c) 2003-2019, Intel Corporation. All rights reserved.
> + * Copyright (c) 2003-2020, Intel Corporation. All rights reserved.
>   * Intel Management Engine Interface (Intel MEI) Linux driver
>   */
>  #include <linux/export.h>
> @@ -257,22 +257,21 @@ int mei_hbm_start_wait(struct mei_device *dev)
>  int mei_hbm_start_req(struct mei_device *dev)
>  {
>  	struct mei_msg_hdr mei_hdr;
> -	struct hbm_host_version_request start_req;
> -	const size_t len = sizeof(struct hbm_host_version_request);
> +	struct hbm_host_version_request req;
>  	int ret;
>  
>  	mei_hbm_reset(dev);
>  
> -	mei_hbm_hdr(&mei_hdr, len);
> +	mei_hbm_hdr(&mei_hdr, sizeof(req));
>  
>  	/* host start message */
> -	memset(&start_req, 0, len);
> -	start_req.hbm_cmd = HOST_START_REQ_CMD;
> -	start_req.host_version.major_version = HBM_MAJOR_VERSION;
> -	start_req.host_version.minor_version = HBM_MINOR_VERSION;
> +	memset(&req, 0, sizeof(req));
> +	req.hbm_cmd = HOST_START_REQ_CMD;
> +	req.host_version.major_version = HBM_MAJOR_VERSION;
> +	req.host_version.minor_version = HBM_MINOR_VERSION;
>  
>  	dev->hbm_state = MEI_HBM_IDLE;
> -	ret = mei_hbm_write_message(dev, &mei_hdr, &start_req);
> +	ret = mei_hbm_write_message(dev, &mei_hdr, &req);
>  	if (ret) {
>  		dev_err(dev->dev, "version message write failed: ret = %d\n",
>  			ret);
> @@ -295,13 +294,12 @@ static int mei_hbm_dma_setup_req(struct mei_device *dev)
>  {
>  	struct mei_msg_hdr mei_hdr;
>  	struct hbm_dma_setup_request req;
> -	const size_t len = sizeof(struct hbm_dma_setup_request);
>  	unsigned int i;
>  	int ret;
>  
> -	mei_hbm_hdr(&mei_hdr, len);
> +	mei_hbm_hdr(&mei_hdr, sizeof(req));
>  
> -	memset(&req, 0, len);
> +	memset(&req, 0, sizeof(req));
>  	req.hbm_cmd = MEI_HBM_DMA_SETUP_REQ_CMD;
>  	for (i = 0; i < DMA_DSCR_NUM; i++) {
>  		phys_addr_t paddr;
> @@ -337,21 +335,19 @@ static int mei_hbm_dma_setup_req(struct mei_device *dev)
>  static int mei_hbm_enum_clients_req(struct mei_device *dev)
>  {
>  	struct mei_msg_hdr mei_hdr;
> -	struct hbm_host_enum_request enum_req;
> -	const size_t len = sizeof(struct hbm_host_enum_request);
> +	struct hbm_host_enum_request req;
>  	int ret;
>  
>  	/* enumerate clients */
> -	mei_hbm_hdr(&mei_hdr, len);
> +	mei_hbm_hdr(&mei_hdr, sizeof(req));
>  
> -	memset(&enum_req, 0, len);
> -	enum_req.hbm_cmd = HOST_ENUM_REQ_CMD;
> -	enum_req.flags |= dev->hbm_f_dc_supported ?
> -			  MEI_HBM_ENUM_F_ALLOW_ADD : 0;
> -	enum_req.flags |= dev->hbm_f_ie_supported ?
> +	memset(&req, 0, sizeof(req));
> +	req.hbm_cmd = HOST_ENUM_REQ_CMD;
> +	req.flags |= dev->hbm_f_dc_supported ? MEI_HBM_ENUM_F_ALLOW_ADD : 0;
> +	req.flags |= dev->hbm_f_ie_supported ?
>  			  MEI_HBM_ENUM_F_IMMEDIATE_ENUM : 0;
>  
> -	ret = mei_hbm_write_message(dev, &mei_hdr, &enum_req);
> +	ret = mei_hbm_write_message(dev, &mei_hdr, &req);
>  	if (ret) {
>  		dev_err(dev->dev, "enumeration request write failed: ret = %d.\n",
>  			ret);
> @@ -380,7 +376,7 @@ static int mei_hbm_me_cl_add(struct mei_device *dev,
>  
>  	mei_me_cl_rm_by_uuid(dev, uuid);
>  
> -	me_cl = kzalloc(sizeof(struct mei_me_client), GFP_KERNEL);
> +	me_cl = kzalloc(sizeof(*me_cl), GFP_KERNEL);
>  	if (!me_cl)
>  		return -ENOMEM;
>  
> @@ -408,14 +404,13 @@ static int mei_hbm_add_cl_resp(struct mei_device *dev, u8 addr, u8 status)
>  {
>  	struct mei_msg_hdr mei_hdr;
>  	struct hbm_add_client_response resp;
> -	const size_t len = sizeof(struct hbm_add_client_response);
>  	int ret;
>  
>  	dev_dbg(dev->dev, "adding client response\n");
>  
> -	mei_hbm_hdr(&mei_hdr, len);
> +	mei_hbm_hdr(&mei_hdr, sizeof(resp));
>  
> -	memset(&resp, 0, sizeof(struct hbm_add_client_response));
> +	memset(&resp, 0, sizeof(resp));
>  	resp.hbm_cmd = MEI_HBM_ADD_CLIENT_RES_CMD;
>  	resp.me_addr = addr;
>  	resp.status  = status;
> @@ -469,11 +464,10 @@ int mei_hbm_cl_notify_req(struct mei_device *dev,
>  
>  	struct mei_msg_hdr mei_hdr;
>  	struct hbm_notification_request req;
> -	const size_t len = sizeof(struct hbm_notification_request);
>  	int ret;
>  
> -	mei_hbm_hdr(&mei_hdr, len);
> -	mei_hbm_cl_hdr(cl, MEI_HBM_NOTIFY_REQ_CMD, &req, len);
> +	mei_hbm_hdr(&mei_hdr, sizeof(req));
> +	mei_hbm_cl_hdr(cl, MEI_HBM_NOTIFY_REQ_CMD, &req, sizeof(req));
>  
>  	req.start = start;
>  
> @@ -580,8 +574,7 @@ static void mei_hbm_cl_notify(struct mei_device *dev,
>  static int mei_hbm_prop_req(struct mei_device *dev, unsigned long start_idx)
>  {
>  	struct mei_msg_hdr mei_hdr;
> -	struct hbm_props_request prop_req;
> -	const size_t len = sizeof(struct hbm_props_request);
> +	struct hbm_props_request req;
>  	unsigned long addr;
>  	int ret;
>  
> @@ -591,18 +584,17 @@ static int mei_hbm_prop_req(struct mei_device *dev, unsigned long start_idx)
>  	if (addr == MEI_CLIENTS_MAX) {
>  		dev->hbm_state = MEI_HBM_STARTED;
>  		mei_host_client_init(dev);
> -
>  		return 0;
>  	}
>  
> -	mei_hbm_hdr(&mei_hdr, len);
> +	mei_hbm_hdr(&mei_hdr, sizeof(req));
>  
> -	memset(&prop_req, 0, sizeof(struct hbm_props_request));
> +	memset(&req, 0, sizeof(req));
>  
> -	prop_req.hbm_cmd = HOST_CLIENT_PROPERTIES_REQ_CMD;
> -	prop_req.me_addr = addr;
> +	req.hbm_cmd = HOST_CLIENT_PROPERTIES_REQ_CMD;
> +	req.me_addr = addr;
>  
> -	ret = mei_hbm_write_message(dev, &mei_hdr, &prop_req);
> +	ret = mei_hbm_write_message(dev, &mei_hdr, &req);
>  	if (ret) {
>  		dev_err(dev->dev, "properties request write failed: ret = %d\n",
>  			ret);
> @@ -628,15 +620,14 @@ int mei_hbm_pg(struct mei_device *dev, u8 pg_cmd)
>  {
>  	struct mei_msg_hdr mei_hdr;
>  	struct hbm_power_gate req;
> -	const size_t len = sizeof(struct hbm_power_gate);
>  	int ret;
>  
>  	if (!dev->hbm_f_pg_supported)
>  		return -EOPNOTSUPP;
>  
> -	mei_hbm_hdr(&mei_hdr, len);
> +	mei_hbm_hdr(&mei_hdr, sizeof(req));
>  
> -	memset(&req, 0, len);
> +	memset(&req, 0, sizeof(req));
>  	req.hbm_cmd = pg_cmd;
>  
>  	ret = mei_hbm_write_message(dev, &mei_hdr, &req);
> @@ -657,11 +648,10 @@ static int mei_hbm_stop_req(struct mei_device *dev)
>  {
>  	struct mei_msg_hdr mei_hdr;
>  	struct hbm_host_stop_request req;
> -	const size_t len = sizeof(struct hbm_host_stop_request);
>  
> -	mei_hbm_hdr(&mei_hdr, len);
> +	mei_hbm_hdr(&mei_hdr, sizeof(req));
>  
> -	memset(&req, 0, len);
> +	memset(&req, 0, sizeof(req));
>  	req.hbm_cmd = HOST_STOP_REQ_CMD;
>  	req.reason = DRIVER_STOP_REQUEST;
>  
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ