lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BY5PR04MB632750DA310BEBF92DB80908ED749@BY5PR04MB6327.namprd04.prod.outlook.com>
Date:   Thu, 8 Apr 2021 10:25:13 +0000
From:   Arthur Simchaev <Arthur.Simchaev@....com>
To:     Bart Van Assche <bvanassche@....org>,
        "James E . J . Bottomley" <jejb@...ux.vnet.ibm.com>,
        "Martin K . Petersen" <martin.petersen@...cle.com>,
        "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:     "alim.akhtar@...sung.com" <alim.akhtar@...sung.com>,
        Bean Huo <beanhuo@...ron.com>
Subject: RE: [PATCH v2] scsi: ufs: sysfs: Print string descriptors as raw data


> -----Original Message-----
> From: Bart Van Assche <bvanassche@....org>
> Sent: Wednesday, March 17, 2021 5:31 AM
> To: Arthur Simchaev <Arthur.Simchaev@....com>; James E . J . Bottomley
> <jejb@...ux.vnet.ibm.com>; Martin K . Petersen
> <martin.petersen@...cle.com>; linux-scsi@...r.kernel.org; linux-
> kernel@...r.kernel.org
> Cc: alim.akhtar@...sung.com; Bean Huo <beanhuo@...ron.com>
> Subject: Re: [PATCH v2] scsi: ufs: sysfs: Print string descriptors as raw data
> 
> CAUTION: This email originated from outside of Western Digital. Do not click
> on links or open attachments unless you recognize the sender and know that
> the content is safe.
> 
> 
> On 2/15/21 9:40 AM, Arthur Simchaev wrote:
> > -#define UFS_STRING_DESCRIPTOR(_name, _pname)                         \
> > +#define UFS_STRING_DESCRIPTOR(_name, _pname, _is_ascii)              \
> >  static ssize_t _name##_show(struct device *dev,                              \
> >       struct device_attribute *attr, char *buf)                       \
> >  {                                                                    \
> > @@ -690,10 +690,18 @@ static ssize_t _name##_show(struct device *dev,
> \
> >       kfree(desc_buf);                                                \
> >       desc_buf = NULL;                                                \
> >       ret = ufshcd_read_string_desc(hba, index, &desc_buf,            \
> > -                                   SD_ASCII_STD);                    \
> > +                                   _is_ascii);                       \
> >       if (ret < 0)                                                    \
> >               goto out;                                               \
> > -     ret = sysfs_emit(buf, "%s\n", desc_buf);                        \
> > +     if (_is_ascii) {                                                \
> > +             ret = sysfs_emit(buf, "%s\n", desc_buf);                \
> > +     } else {                                                        \
> > +             int i;                                                  \
> > +                                                                     \
> > +             for (i = 0; i < desc_buf[0]; i++)                       \
> > +                     hex_byte_pack(buf + i * 2, desc_buf[i]);        \
> > +             ret = sysfs_emit(buf, "%s\n", buf);                     \
> > +     }                       \
> >  out:                                                                 \
> >       pm_runtime_put_sync(hba->dev);                                  \
> >       kfree(desc_buf);                                                \
> 
> Hex data needs to be parsed before it can be used by any software. Has
> it been considered to make the "raw" attributes binary attributes
> instead of hex-encoded binary? See also sysfs_create_bin_file().
> 
> Thanks,
> 
> Bart.

Hi Bart,
Thank you for your comments.

The typical use case that originate this issue, is of some flash vendor's field engineer reading the serial part number.
All other string descriptors are less of an issue.

The current Jedec spec allows the serial number may not be ascii convertible . For example:
 - ufshcd_read_string_desc(bool asci = false):  00 1d 00 20 00 95 00 20 00 ec 00 84 00 5b 00 14
 - ufshcd_read_string_desc(bool asci = true):  "  ]  "

Therefore, upon reading the "raw" serial number, the user can verify the data integrity.

How about just applying this change to the serial number sysfs entry, and drop all others?

Regards
Arthur

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ