| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Dec 2022 16:18:59 -0800
From: Bart Van Assche <bvanassche@....org>
To: Arthur Simchaev <Arthur.Simchaev@....com>,
martin.petersen@...cle.com
Cc: beanhuo@...ron.com, linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 4/4] ufs: core: Remove ufshcd_map_desc_id_to_length
function
On 12/11/22 05:05, Arthur Simchaev wrote:
> There shouldn't be any restriction of the descriptor size
> (not the descriptor id for that matter) up to QUERY_DESC_MAX_SIZE.
> According to the spec, the caller can use any descriptor size,
> and it is up to the device to return the actual size.
> Therefore there shouldn't be any sizes hardcoded in the kernel,
> nor any need to cache it, hence ufshcd_map_desc_id_to_length function is
> redundant. Always read the descriptors with QUERY_DESC_MAX_SIZE size.
>
> Reviewed-by: Bart Van Assche <bvanassche@....org>
I have not yet replied with "Reviewed-by" to this patch so you are not
yet allowed to add my Reviewed-by tag to this patch.
> + /* Update descriptor length */
> + buff_len = desc_buf[QUERY_DESC_LENGTH_OFFSET];
Should a check be added here that desc_buf[QUERY_DESC_LENGTH_OFFSET]
<= QUERY_DESC_MAX_SIZE to protect against firmware bugs? Since
QUERY_DESC_MAX_SIZE == 255, adding BUILD_BUG_ON(QUERY_DESC_SIZE != 255)
and a comment may be sufficient.
Thanks,
Bart.
Powered by blists - more mailing lists