lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 22 Feb 2023 15:50:30 +0100
From:   Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
To:     Konrad Dybcio <konrad.dybcio@...aro.org>,
        Andy Gross <agross@...nel.org>,
        Bjorn Andersson <andersson@...nel.org>,
        Vinod Koul <vkoul@...nel.org>,
        Bard Liao <yung-chuan.liao@...ux.intel.com>,
        Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>,
        Sanyog Kale <sanyog.r.kale@...el.com>,
        linux-arm-msm@...r.kernel.org, alsa-devel@...a-project.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] soundwire: qcom: gracefully handle too many ports in
 DT

On 22/02/2023 15:47, Konrad Dybcio wrote:
> 
> 
> On 22.02.2023 15:44, Krzysztof Kozlowski wrote:
>> There are two issues related to the number of ports coming from
>> Devicetree when exceeding in total QCOM_SDW_MAX_PORTS.  Both lead to
>> incorrect memory accesses:
>> 1. With DTS having too big value of input or output ports, the driver,
>>    when copying port parameters from local/stack arrays into 'pconfig'
>>    array in 'struct qcom_swrm_ctrl', will iterate over their sizes.
>>
>> 2. If DTS also has too many parameters for these ports (e.g.
>>    qcom,ports-sinterval-low), the driver will overflow buffers on the
>>    stack when reading these properties from DTS.
>>
>> Add a sanity check so incorrect DTS will not cause kernel memory
>> corruption.
>>
>> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
>> ---
> Fixes: 02efb49aa805 ("soundwire: qcom: add support for SoundWire controller")

Can be... but is it really a bug of the kernel? Issue is visible with
incorrect DTS and it's not the kernel's job to fix it. If DTS has
incorrect values (e.g. IO addresses) system won't work anyway and that's
the same type of bug.

Best regards,
Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ