lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y2PBA5hmqm9G/DNT@kroah.com>
Date:   Thu, 3 Nov 2022 22:24:19 +0900
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Shuah Khan <skhan@...uxfoundation.org>
Cc:     shuah@...nel.org, valentina.manea.m@...il.com,
        linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] usb/usbip: Fix v_recv_cmd_submit() to use PIPE_BULK
 define

On Thu, Nov 03, 2022 at 07:12:43AM -0600, Shuah Khan wrote:
> Fix v_recv_cmd_submit() to use PIPE_BULK define instead of hard coded
> values. This also fixes the following signed integer overflow error
> reported by cppcheck. This is not an issue since pipe is unsigned int.
> However, this change improves the code to use proper define.
> 
> drivers/usb/usbip/vudc_rx.c:152:26: error: Signed integer overflow for expression '3<<30'. [integerOverflow]
>  urb_p->urb->pipe &= ~(3 << 30);
> 
> In addition, add a sanity check for PIPE_BULK != 3 as the code path depends
> on PIPE_BULK = 3.
> 
> Signed-off-by: Shuah Khan <skhan@...uxfoundation.org>
> ---
>  drivers/usb/usbip/vudc_rx.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/usb/usbip/vudc_rx.c b/drivers/usb/usbip/vudc_rx.c
> index a6ca27f10b68..e7e0eb6bbca0 100644
> --- a/drivers/usb/usbip/vudc_rx.c
> +++ b/drivers/usb/usbip/vudc_rx.c
> @@ -149,7 +149,10 @@ static int v_recv_cmd_submit(struct vudc *udc,
>  	urb_p->urb->status = -EINPROGRESS;
>  
>  	/* FIXME: more pipe setup to please usbip_common */
> -	urb_p->urb->pipe &= ~(3 << 30);
> +#if PIPE_BULK != 3
> +#error "Sanity check failed, this code presumes PIPE_... to range from 0 to 3"
> +#endif

Perhaps use BUILD_BUG_ON() instead of hand-rolling one?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ