lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BY5PR04MB6327431615BFFFD735EB2502ED6B9@BY5PR04MB6327.namprd04.prod.outlook.com>
Date:   Tue, 16 Aug 2022 14:44:14 +0000
From:   Arthur Simchaev <Arthur.Simchaev@....com>
To:     Daniil Lunev <dlunev@...omium.org>
CC:     "martin.petersen@...cle.com" <martin.petersen@...cle.com>,
        "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "beanhuo@...ron.com" <beanhuo@...ron.com>,
        Avi Shchislowski <Avi.Shchislowski@....com>
Subject: RE: [PATCH] scsi: ufs-bsg: Remove ufs_bsg_get_query_desc_size
 function

Hi Daniil,
Thanks a lot for your review.

> Can you clarify what you mean "hard-coded"? The descriptor size is initialized
> as QUERY_DESC_MAX_SIZE, and updated in `ufshcd_update_desc_length`,
> which is
> called with the actual size upon finishing `ufshcd_read_desc_param`.
> 
> The function you are removing - `ufs_bsg_get_query_desc_size` - doesn't seem
> to
> reject requests on incompatible size, only to restrict the size of the query.
> The way the code is written - if I read it right - will lead to truncation of
> the response if the size of the requested response is less than the actual
> descriptor size, but otherwise you should get full descriptor back.
> 
> Can you provide a specific example where you see the problem to arise?

Reading a new UFS descriptors will be rejected due to hard coded descriptor definitions
in ufshcd_map_desc_id_to_length invoked from ufs_bsg_get_query_desc_size. 
For example FBO descriptor published in Jedec UFS 4.0 spec and already exist in some UFS devices.
Or others reserved descriptors which can be used as vendor's descriptor.
We should be able to read any UFS descriptor of any size (up to QUERY_DESC_MAX_SIZE).
According to the spec, the device will return the actual size.

The ufs bsg driver should not impose any such limitation. It's one of its design guidelines.
E.g. as done for the attributes, flags the kernel doesn't check it size(for attributes is the max - 4 bytes), 
nor access (read/write).
And just returns an appropriate error code should an error occur.


Regards
Arthur

Regards
Arthur

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ