lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAATdQgDSCzZtiDSQk94CYHfSb9Mq28OH7-RdaTZNv3oPrW3nkQ@mail.gmail.com>
Date:   Mon, 9 Aug 2021 17:42:05 +0800
From:   Ikjoon Jang <ikjn@...omium.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-usb@...r.kernel.org,
        Chunfeng Yun <chunfeng.yun@...iatek.com>,
        "moderated list:ARM/Mediatek SoC support" 
        <linux-mediatek@...ts.infradead.org>,
        Matthias Brugger <matthias.bgg@...il.com>,
        open list <linux-kernel@...r.kernel.org>,
        "moderated list:ARM/Mediatek SoC support" 
        <linux-arm-kernel@...ts.infradead.org>,
        Mathias Nyman <mathias.nyman@...el.com>
Subject: Re: [RFC PATCH] usb: xhci-mtk: handle bandwidth table rollover

On Mon, Aug 9, 2021 at 5:11 PM Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>
> On Mon, Aug 09, 2021 at 04:59:29PM +0800, Ikjoon Jang wrote:
> > xhci-mtk has 64 slots for periodic bandwidth calculations and each
> > slot represents byte budgets on a microframe. When an endpoint's
> > allocation sits on the boundary of the table, byte budgets' slot
> > should be rolled over but the current implementation doesn't.
> >
> > This patch applies a 6 bits mask to the microframe index to handle
> > its rollover 64 slots and prevent out-of-bounds array access.
> >
> > Signed-off-by: Ikjoon Jang <ikjn@...omium.org>
> > ---
> >
> >  drivers/usb/host/xhci-mtk-sch.c | 79 +++++++++------------------------
> >  drivers/usb/host/xhci-mtk.h     |  1 +
> >  2 files changed, 23 insertions(+), 57 deletions(-)
>
> Why is this "RFC"?  What needs to be addressed in this change before it
> can be accepted?

sorry, I had to mention why this is RFC:

I simply don't know about the details of the xhci-mtk internals.
It was okay from my tests with mt8173 and I think this will be harmless
as this is "better than before".

But when I removed get_esit_boundary(), I really have no idea why
it was there. I'm wondering if there was another reason of that function
other than just preventing out-of-bounds. Maybe chunfeng can answer this?

Thanks!

>
> thanks,
>
> greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ