lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wiFRok=hU_BNEsqodjyGm=XV9LVZ1w=cm4ooEtWVpYLPg@mail.gmail.com>
Date:   Wed, 24 Aug 2022 10:31:35 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Jean Delvare <jdelvare@...e.de>
Cc:     LKML <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] dmi update for v5.19

On Mon, Aug 22, 2022 at 5:19 AM Jean Delvare <jdelvare@...e.de> wrote:
>
> Andy Shevchenko (1):
>       firmware: dmi: Use the proper accessor for the version field

I pulled this, but I kind of question it.

This replaces a single 32-bit memory access (and an optimized byte
swap) and a mask operation with three load-byte-and-shift operations.

It's not clear that the new code is better.

That said, I can't imagine it matters - but because I looked at it, I
note that the length check seems to be kind of iffy.

The code checks that the length of the block is < 32 before doing the
checksum on it, but shouldn't it also check for some minimum size?
Otherwise the dmi checksum is kind of pointless, isn't it?

It will access a minimum of 24 bytes for that dmi_base thing, so that
would be the most obvious minimum value. But maybe there is some
spec-defined size for that that only covers the header?

           Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ