| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Jul 2021 10:19:54 +0100
From: "Russell King (Oracle)" <linux@...linux.org.uk>
To: Uwe Kleine-König
<u.kleine-koenig@...gutronix.de>
Cc: Salah Triki <salah.triki@...il.com>, fabrice.gasnier@...s.st.com,
thierry.reding@...il.com, lee.jones@...aro.org,
mcoquelin.stm32@...il.com, alexandre.torgue@...s.st.com,
linux-pwm@...r.kernel.org,
linux-stm32@...md-mailman.stormreply.com,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] divide by 3*sizeof(u32) when computing array_size
On Tue, Jul 13, 2021 at 08:30:53AM +0200, Uwe Kleine-König wrote:
> Hello Salah,
>
> On Tue, Jul 13, 2021 at 12:19:10AM +0100, Salah Triki wrote:
> > Divide by 3*sizeof(u32) when computing array_size, since stm32_breakinput
> > has 3 fields of type u32.
> >
> > Signed-off-by: Salah Triki <salah.triki@...il.com>
> > ---
> > drivers/pwm/pwm-stm32.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/pwm/pwm-stm32.c b/drivers/pwm/pwm-stm32.c
> > index 794ca5b02968..fb21bc2b2dd6 100644
> > --- a/drivers/pwm/pwm-stm32.c
> > +++ b/drivers/pwm/pwm-stm32.c
> > @@ -544,7 +544,7 @@ static int stm32_pwm_probe_breakinputs(struct stm32_pwm *priv,
> > return -EINVAL;
> >
> > priv->num_breakinputs = nb;
> > - array_size = nb * sizeof(struct stm32_breakinput) / sizeof(u32);
> > + array_size = nb * sizeof(struct stm32_breakinput) / (3 * sizeof(u32));
> > ret = of_property_read_u32_array(np, "st,breakinput",
> > (u32 *)priv->breakinputs, array_size);
> > if (ret)
>
> I agree with Philipp here; this looks strange and needs a better
> description.
>
> Looking a bit more in details:
>
> - priv->breakinputs has type struct stm32_breakinput[MAX_BREAKINPUT]
> - nb is in [0 .. MAX_BREAKINPUT]
> - sizeof(struct stm32_breakinput) == 3 * sizeof(u32)
> - of_property_read_u32_array reads $array_size u32 quantities
>
> so to read $nb members of type stm32_breakinput array_size must be a
> multiple of 3 which isn't given any more after your patch. This makes me
> believe your suggested change to be wrong.
I concur with your analysis. "array_size" is the number of u32 values
to read from DT. It is not the number of entries in priv->breakinputs.
I would also note that the code relies on there being no padding in
struct stm32_breakinput - it should be noted that a strict
interpretation of the C standard allows padding to be added anywhere
to a structure - at the start, end or between members.
Some further thoughts... DT is effectively an interface (we maintain
definitions of what we expect.) The way the code is structured,
"struct stm32_breakinput" defines that interface. Maybe this should
be commented, and maybe there should be a build time assert that
"sizeof(struct stm32_breakinput)" is "3 * sizeof(u32)" since the
code is relying on that property?
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
Powered by blists - more mailing lists