lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7b48f4c132a8b4b3819282e961fbe8b3ed753069.camel@mediatek.com>
Date:   Wed, 11 Aug 2021 09:01:52 +0000
From:   Chunfeng Yun (云春峰) 
        <Chunfeng.Yun@...iatek.com>
To:     "ikjn@...omium.org" <ikjn@...omium.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
CC:     "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "matthias.bgg@...il.com" <matthias.bgg@...il.com>,
        "linux-mediatek@...ts.infradead.org" 
        <linux-mediatek@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "mathias.nyman@...el.com" <mathias.nyman@...el.com>
Subject: Re: [RFC PATCH] usb: xhci-mtk: handle bandwidth table rollover

On Mon, 2021-08-09 at 17:42 +0800, Ikjoon Jang wrote:
> On Mon, Aug 9, 2021 at 5:11 PM Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
> > 
> > On Mon, Aug 09, 2021 at 04:59:29PM +0800, Ikjoon Jang wrote:
> > > xhci-mtk has 64 slots for periodic bandwidth calculations and
> > > each
> > > slot represents byte budgets on a microframe. When an endpoint's
> > > allocation sits on the boundary of the table, byte budgets' slot
> > > should be rolled over but the current implementation doesn't.
> > > 
> > > This patch applies a 6 bits mask to the microframe index to
> > > handle
> > > its rollover 64 slots and prevent out-of-bounds array access.
> > > 
> > > Signed-off-by: Ikjoon Jang <ikjn@...omium.org>
> > > ---
> > > 
> > >  drivers/usb/host/xhci-mtk-sch.c | 79 +++++++++----------------
> > > --------
> > >  drivers/usb/host/xhci-mtk.h     |  1 +
> > >  2 files changed, 23 insertions(+), 57 deletions(-)
> > 
> > Why is this "RFC"?  What needs to be addressed in this change
> > before it
> > can be accepted?
> 
> sorry, I had to mention why this is RFC:
> 
> I simply don't know about the details of the xhci-mtk internals.
> It was okay from my tests with mt8173 and I think this will be
> harmless
> as this is "better than before".
> 
> But when I removed get_esit_boundary(), I really have no idea why
> it was there. I'm wondering if there was another reason of that
> function
> other than just preventing out-of-bounds. Maybe chunfeng can answer
> this?
We use @esit to prevent out-of-bounds array access. it's not a ring,
can't insert out-of-bounds value into head slot.

> 
> Thanks!
> 
> > 
> > thanks,
> > 
> > greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ