lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d2696256-639b-4b20-3612-6dcfe68313a1@mev.co.uk>
Date:   Tue, 7 Jun 2022 17:50:11 +0100
From:   Ian Abbott <abbotti@....co.uk>
To:     Johan Hovold <johan@...nel.org>
Cc:     linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        H Hartley Sweeten <hsweeten@...ionengravers.com>,
        stable@...r.kernel.org
Subject: Re: [PATCH] comedi: vmk80xx: fix expression for tx buffer size

On 07/06/2022 17:16, Johan Hovold wrote:
> On Mon, Jun 06, 2022 at 11:52:37AM +0100, Ian Abbott wrote:
>> The expression for setting the size of the allocated bulk TX buffer
>> (`devpriv->usb_tx_buf`) is calling `usb_endpoint_maxp(devpriv->ep_rx)`,
>> which is using the wrong endpoint (should be `devpriv->ep_tx`).  Fix it.
> 
> Bah. Good catch.
> 
>> Fixes: a23461c47482 ("comedi: vmk80xx: fix transfer-buffer overflow")
>> Cc: Johan Hovold <johan@...nel.org>
>> Cc: stable@...r.kernel.org # 5.10, 5.15+
> 
> I believe this one is needed in all stable trees (e.g. 4.9+).

True.  I didn't think the patch it fixes had been applied yet, but I 
didn't look hard enough.  I'll send a v2 with amended Cc line.

> 
>> Signed-off-by: Ian Abbott <abbotti@....co.uk>
>> ---
>>   drivers/comedi/drivers/vmk80xx.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/comedi/drivers/vmk80xx.c b/drivers/comedi/drivers/vmk80xx.c
>> index 46023adc5395..4536ed43f65b 100644
>> --- a/drivers/comedi/drivers/vmk80xx.c
>> +++ b/drivers/comedi/drivers/vmk80xx.c
>> @@ -684,7 +684,7 @@ static int vmk80xx_alloc_usb_buffers(struct comedi_device *dev)
>>   	if (!devpriv->usb_rx_buf)
>>   		return -ENOMEM;
>>   
>> -	size = max(usb_endpoint_maxp(devpriv->ep_rx), MIN_BUF_SIZE);
>> +	size = max(usb_endpoint_maxp(devpriv->ep_tx), MIN_BUF_SIZE);
>>   	devpriv->usb_tx_buf = kzalloc(size, GFP_KERNEL);
>>   	if (!devpriv->usb_tx_buf)
>>   		return -ENOMEM;
> 
> Looks good otherwise:
> 
> Reviewed-by: Johan Hovold <johan@...nel.org>

Thanks for the review!

-- 
-=( Ian Abbott <abbotti@....co.uk> || MEV Ltd. is a company  )=-
-=( registered in England & Wales.  Regd. number: 02862268.  )=-
-=( Regd. addr.: S11 & 12 Building 67, Europa Business Park, )=-
-=( Bird Hall Lane, STOCKPORT, SK3 0XA, UK. || www.mev.co.uk )=-

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ