| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2021 14:48:26 +0200
From: Linus Walleij <linus.walleij@...aro.org>
To: Marc Zyngier <maz@...nel.org>
Cc: Linux ARM <linux-arm-kernel@...ts.infradead.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
Android Kernel Team <kernel-team@...roid.com>,
stable <stable@...r.kernel.org>,
Amelie Delaunay <amelie.delaunay@...s.st.com>,
Maxime Coquelin <mcoquelin.stm32@...il.com>,
Alexandre Torgue <alexandre.torgue@...s.st.com>
Subject: Re: [PATCH] pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
On Sun, Jul 25, 2021 at 8:08 PM Marc Zyngier <maz@...nel.org> wrote:
> Casting a small array of u8 to an unsigned long is *never* OK:
>
> - it does funny thing when the array size is less than that of a long,
> as it accesses random places in the stack
> - it makes everything even more fun with a BE kernel
>
> Fix this by building the unsigned long used as a bitmap byte by byte,
> in a way that works across endianess and has no undefined behaviours.
>
> An extra BUILD_BUG_ON() catches the unlikely case where the array
> would be larger than a single unsigned long.
>
> Fixes: 1490d9f841b1 ("pinctrl: Add STMFX GPIO expander Pinctrl/GPIO driver")
> Signed-off-by: Marc Zyngier <maz@...nel.org>
> Cc: stable@...r.kernel.org
> Cc: Amelie Delaunay <amelie.delaunay@...s.st.com>
> Cc: Linus Walleij <linus.walleij@...aro.org>
> Cc: Maxime Coquelin <mcoquelin.stm32@...il.com>
> Cc: Alexandre Torgue <alexandre.torgue@...s.st.com>
Patch applied!
Yours,
Linus Walleij
Powered by blists - more mailing lists