Date:   Thu, 28 Jul 2022 19:28:22 +0100
From:   "Russell King (Oracle)" <linux@...linux.org.uk>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Guenter Roeck <linux@...ck-us.net>,
        Yury Norov <yury.norov@...il.com>,
        Dennis Zhou <dennis@...nel.org>,
        Catalin Marinas <catalin.marinas@....com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.19-rc8

On Tue, Jul 26, 2022 at 10:12:21AM +0100, Russell King (Oracle) wrote:
> First I'm aware of it. Was it reported to linux-arm-kernel? I'm guessing
> the report wasn't Cc'd to me - I can't find anything in my mailbox about
> it.
> 
> > I think the fix might be something like this:
> > 
> >   diff --git a/arch/arm/lib/findbit.S b/arch/arm/lib/findbit.S
> >   index b5e8b9ae4c7d..b36ca301892e 100644
> >   --- a/arch/arm/lib/findbit.S
> >   +++ b/arch/arm/lib/findbit.S
> >   @@ -83,6 +83,8 @@ ENDPROC(_find_first_bit_le)
> >    ENTRY(_find_next_bit_le)
> >                 teq     r1, #0
> >                 beq     3b
> >   +             cmp     r2, r1
> >   +             bhs     3b
> >                 ands    ip, r2, #7
> >                 beq     1b                      @ If new byte, goto old routine
> >     ARM(                ldrb    r3, [r0, r2, lsr #3]    )
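
Review bot: with `cmp r2, r1` / `bhs 3b` placed directly after the existing `teq r1, #0` / `beq 3b`, the first pair becomes redundant. `bhs` is an unsigned higher-or-same branch, so when r1 is 0 it is taken for any value of r2. Consider replacing the `teq`/`beq` pair with the new compare rather than adding two instructions, and add a short comment saying that the compare also covers the zero case so the old test is not reintroduced later.
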
> > 
> > but my ARM asm is so broken that the above is just really random noise
> > that may or may not build - much less work.
> > 
> > I'll leave it to Russell &co to have a tested and working patch.
> 
> I think it needs a bit more than that, but as you point out in later
> emails, the compiler may do a better job for this.

Okay, I've moved my patch that fixes this (without adding a single line
of code!) to my fixes branch, which I'll ask you to pull in the next
couple of days.

Each of the _find_next_* functions had:

	teq	r1, #0
	beq	3b

at the beginning to catch the case where size == 0. This is now:

	cmp	r2, r1
	bhs	3b

which is the C equivalent of:

	if (offset >= size)
		goto 3b;

where both are unsigned, and nicely covers the case where size == 0 as
before (since if size is 0, the condition is always true irrespective
of the value of offset.)

We can sort out the question of keeping this code or not later, but I
think as this has been spotted as an issue, it's important to get it
fixed.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
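
The guard change described in the message above, as an added example that is not part of the original email or the kernel's code: a simplified C model of a byte-wise little-endian bit scan, run with the `size == 0` guard and with the `offset >= size` guard. The names `find_next_bit_model`, `load`, `first_in`, `read_past_end` and the sample bitmap are constructed for illustration, and the scan loop is an assumed simplification, not a translation of findbit.S.

```c
#include <stdint.h>
#include <stdio.h>

enum guard { GUARD_SIZE_ZERO, GUARD_OFFSET_GE_SIZE };
/* Set when a load touches a byte beyond those holding bits 0..size-1. */
static int read_past_end;

static unsigned load(const uint8_t *map, unsigned size, unsigned bit)
{
    if ((bit >> 3) >= (size + 7) / 8)
        read_past_end = 1;
    return map[bit >> 3];
}
/* Lowest set bit of non-zero b, numbered from base, capped at size. */
static unsigned first_in(unsigned b, unsigned base, unsigned size)
{
    while (!(b & 1)) { b >>= 1; base++; }
    return base < size ? base : size;
}
/* Hypothetical model: first set bit >= offset, or size if there is none. */
static unsigned find_next_bit_model(const uint8_t *map, unsigned size,
                                    unsigned offset, enum guard g)
{
    unsigned b;
    read_past_end = 0;
    if (g == GUARD_SIZE_ZERO ? size == 0 : offset >= size)
        return size;                     /* early exit, nothing loaded */
    if (offset & 7) {                    /* offset starts mid-byte */
        b = load(map, size, offset) >> (offset & 7);
        if (b)
            return first_in(b, offset, size);
        offset = (offset | 7) + 1;       /* advance to next byte boundary */
    }
    for (; offset < size; offset += 8) {
        b = load(map, size, offset);
        if (b)
            return first_in(b, offset, size);
    }
    return size;
}
/* Constructed sample: a 12-bit bitmap (bit 11 set) inside a 4-byte buffer. */
static const uint8_t sample[4] = { 0x00, 0x08, 0xff, 0xff };

int main(void)
{
    for (int g = GUARD_SIZE_ZERO; g <= GUARD_OFFSET_GE_SIZE; g++) {
        unsigned r = find_next_bit_model(sample, 12, 17, (enum guard)g);
        printf("guard %d: ret=%u read_past_end=%d\n", g, r, read_past_end);
    }
    return 0;
}
```

In this model both guards return `size` for an offset past the end, so the return value alone does not reveal the difference; only the `read_past_end` flag shows that the `size == 0` guard let a load happen outside the bitmap.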
