| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Jul 2021 11:04:19 +0100
From: Cristian Marussi <cristian.marussi@....com>
To: Peter Hilber <peter.hilber@...nsynergy.com>
Cc: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
virtualization@...ts.linux-foundation.org,
virtio-dev@...ts.oasis-open.org, sudeep.holla@....com,
james.quinlan@...adcom.com, Jonathan.Cameron@...wei.com,
f.fainelli@...il.com, etienne.carriere@...aro.org,
vincent.guittot@...aro.org, souvik.chakravarty@....com,
igor.skalkin@...nsynergy.com, alex.bennee@...aro.org,
jean-philippe@...aro.org, mikhail.golubev@...nsynergy.com,
anton.yakovlev@...nsynergy.com, Vasyl.Vavrychuk@...nsynergy.com,
Andriy.Tryshnivskyy@...nsynergy.com
Subject: Re: [PATCH v4 01/16] firmware: arm_scmi: Fix max pending messages
boundary check
Hi Peter,
On Thu, Jul 01, 2021 at 10:42:40AM +0200, Peter Hilber wrote:
> Hi Cristian,
>
> please find some remarks to the patch series in this email and the
> following.
>
Thanks for your comments, very much appreciated. I'll reply inline.
Just to let you know, I have ready a V5 series where, beside some
general cleanup and further simplification, I addressed in the SCMI core
the issue that you pointed out about the possible concurrent and out-of-order
response/delayed_response delivery by the transport.
I've refrained from posting that on the list still, due to the merge window
being open. I'll post most probably next week. (still have to see if I
can also simplify probing sequence in V5...which is the last point in my
list)
> On 11.06.21 18:59, Cristian Marussi wrote:
> > SCMI message headers carry a sequence number and such field is sized to
> > allow for MSG_TOKEN_MAX distinct numbers; moreover zero is not really an
> > acceptable maximum number of pending in-flight messages.
> >
> > Fix accordignly the checks performed on the value exported by transports
> > in scmi_desc.max_msg.
> >
> > Reported-by: Vincent Guittot <vincent.guittot@...aro.org>
> > Fixes: aa4f886f3893 ("firmware: arm_scmi: add basic driver infrastructure for SCMI")
> > Signed-off-by: Cristian Marussi <cristian.marussi@....com>
> > ---
> > drivers/firmware/arm_scmi/driver.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
> > index 66e5e694be7d..6713b259f1e6 100644
> > --- a/drivers/firmware/arm_scmi/driver.c
> > +++ b/drivers/firmware/arm_scmi/driver.c
> > @@ -1025,8 +1025,9 @@ static int __scmi_xfer_info_init(struct scmi_info *sinfo,
> > const struct scmi_desc *desc = sinfo->desc;
> > /* Pre-allocated messages, no more than what hdr.seq can support */
> > - if (WARN_ON(desc->max_msg >= MSG_TOKEN_MAX)) {
> > - dev_err(dev, "Maximum message of %d exceeds supported %ld\n",
> > + if (WARN_ON(!desc->max_msg || desc->max_msg > MSG_TOKEN_MAX)) {
> > + dev_err(dev,
> > + "Invalid max_msg %d. Maximum messages supported %ld.\n",
>
> %ld -> %lu
>
Right, I'll fix.
> > desc->max_msg, MSG_TOKEN_MAX);
> > return -EINVAL;
> > }
> >
Thanks,
Cristian
Powered by blists - more mailing lists