lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 28 Sep 2021 15:54:53 +0200
From:   Romain Perier <romain.perier@...il.com>
To:     Daniel Palmer <daniel@...f.com>
Cc:     Colin King <colin.king@...onical.com>,
        Daniel Palmer <daniel@...ngy.jp>,
        Alessandro Zummo <a.zummo@...ertech.it>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        Nobuhiro Iwamatsu <iwamatsu@...auri.org>,
        linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
        linux-rtc@...r.kernel.org, kernel-janitors@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH][next] rtc: msc313: Fix unintentional sign extension issue
 on left shift of a u16

Hi,

Le mar. 28 sept. 2021 à 15:31, Daniel Palmer <daniel@...f.com> a écrit :
>
> Hi Colin,
>
> On Tue, 28 Sept 2021 at 21:39, Colin King <colin.king@...onical.com> wrote:
> >Shifting the u16 value returned by readw by 16 bits to the left
> >will be promoted to a 32 bit signed int and then sign-extended
> >to an unsigned long. If the top bit of the readw is set then
> >the shifted value will be sign extended and the top 32 bits of
> >the result will be set.

Good catch !

>
> Ah,.. C is fun in all the wrong places. :)
> These chips are full of 32bit registers that are split into two 16
> registers 4 bytes apart when seen from the ARM CPU so we probably have
> this same mistake in a few other places.
>
> A similar pattern is used a bit later on in the same file to read the counter:
>
> seconds = readw(priv->rtc_base + REG_RTC_CNT_VAL_L)
> | (readw(priv->rtc_base + REG_RTC_CNT_VAL_H) << 16);
>
> I guess it works at the moment because the top bit won't be set until 2038.

The crazy stuff being, I ran rtctest from selftests and rtc-range (1)
that tests a variety
of dates including 2038 and 2106 for example. Both tests passed :) (probably
because *this case* specifically did not happen while running the test)

1. https://git.kernel.org/pub/scm/linux/kernel/git/abelloni/rtc-tools.git/tree/rtc-range.c

Thanks,
Regards,
Romain

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ