lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 28 Jul 2020 23:50:38 -0500
From:   Samuel Holland <samuel@...lland.org>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Adam Radford <aradford@...il.com>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        linux-scsi <linux-scsi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] scsi: 3w-9xxx: Fix endianness issues found by sparse

On 7/27/20 2:18 PM, Arnd Bergmann wrote:
> On Sun, Jul 26, 2020 at 9:15 PM Samuel Holland <samuel@...lland.org> wrote:
>>
>> The main issue observed was at the call to scsi_set_resid, where the
>> byteswapped parameter would eventually trigger the alignment check at
>> drivers/scsi/sd.c:2009. At that point, the kernel would continuously
>> complain about an "Unaligned partial completion", and no further I/O
>> could occur.
>>
>> This gets the controller working on big endian powerpc64.
>>
>> Signed-off-by: Samuel Holland <samuel@...lland.org>
>> ---
>>  drivers/scsi/3w-9xxx.c | 35 +++++++++++++++++------------------
>>  drivers/scsi/3w-9xxx.h |  6 +++++-
>>  2 files changed, 22 insertions(+), 19 deletions(-)
>>
>> diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c
>> index 3337b1e80412..95e25fda1f90 100644
>> --- a/drivers/scsi/3w-9xxx.c
>> +++ b/drivers/scsi/3w-9xxx.c
>> @@ -303,10 +303,10 @@ static int twa_aen_drain_queue(TW_Device_Extension *tw_dev, int no_check_reset)
>>
>>         /* Initialize sglist */
>>         memset(&sglist, 0, sizeof(TW_SG_Entry));
>> -       sglist[0].length = TW_SECTOR_SIZE;
>> -       sglist[0].address = tw_dev->generic_buffer_phys[request_id];
>> +       sglist[0].length = cpu_to_le32(TW_SECTOR_SIZE);
>> +       sglist[0].address = TW_CPU_TO_SGL(tw_dev->generic_buffer_phys[request_id]);
> 
> This looks like it would add a sparse warning, not fix one, unless you also
> change the types of the target structure.

Yes, I meant to change the structure types as well. All of the command
structures sent to the card are little-endian. I pulled this bugfix patch out of
a series of unrelated changes, and I missed the header changes. I'll send a v2.

>> @@ -501,7 +501,7 @@ static void twa_aen_sync_time(TW_Device_Extension *tw_dev, int request_id)
>>             Sunday 12:00AM */
>>         local_time = (ktime_get_real_seconds() - (sys_tz.tz_minuteswest * 60));
>>         div_u64_rem(local_time - (3 * 86400), 604800, &schedulertime);
>> -       schedulertime = cpu_to_le32(schedulertime % 604800);
>> +       cpu_to_le32p(&schedulertime);
>>
>>         memcpy(param->data, &schedulertime, sizeof(u32));
> 
> You dropped the '%' operation, and the result of the byteswap?

schedulertime is the remainder from the previous line, so it is <604800 already.
You're right about that being the wrong function -- I meant to use cpu_to_le32s
to swap it in place, to avoid needing a second variable.

>> @@ -1004,7 +1004,7 @@ static int twa_fill_sense(TW_Device_Extension *tw_dev, int request_id, int copy_
>>                                full_command_packet->header.status_block.error,
>>                                error_str[0] == '\0' ?
>>                                twa_string_lookup(twa_error_table,
>> -                                                full_command_packet->header.status_block.error) : error_str,
>> +                                                le16_to_cpu(full_command_packet->header.status_block.error)) : error_str,
>>                                full_command_packet->header.err_specific_desc);
>>                 else
> 
> This looks correct, but the error value has already been copied into the local
> 'error' variable, which you could use for simplification. As 'status_block' is
> defined as a native_endian structure, this also introduced a sparse warning.

I'll use 'error' in v2, thanks for the hint.

>> @@ -1012,7 +1012,7 @@ static int twa_fill_sense(TW_Device_Extension *tw_dev, int request_id, int copy_
>>                                full_command_packet->header.status_block.error,
>>                                error_str[0] == '\0' ?
>>                                twa_string_lookup(twa_error_table,
>> -                                                full_command_packet->header.status_block.error) : error_str,
>> +                                                le16_to_cpu(full_command_packet->header.status_block.error)) : error_str,
> 
> Same here
> 
>        Arnd
> 

Cheers,
Samuel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ