lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6f25e6fb-bebc-3f9b-9876-5e14d2582f6@linux.intel.com>
Date:   Mon, 16 Oct 2023 13:33:41 +0300 (EEST)
From:   Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To:     Vamshi Gajjela <vamshigajjela@...gle.com>
cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jirislaby@...nel.org>,
        linux-serial <linux-serial@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>, manugautam@...gle.com,
        Subhash Jadavani <sjadavani@...gle.com>,
        Channa Kadabi <kadabi@...gle.com>
Subject: Re: [PATCH 1/3] serial: core: Potential overflow of frame_time

On Sat, 14 Oct 2023, Vamshi Gajjela wrote:

> From: VAMSHI GAJJELA <vamshigajjela@...gle.com>
> 
> uart_update_timeout() sets a u64 value to an unsigned int frame_time.

Yes it does, because uart_update_timeout() does math that requires u64 but 
the result is always smaller than what requires u64. If you insist on 
doing something add the cast there.

> While it can be cast to u32 before assignment, there's a specific case
> where frame_time is cast to u64.

Because it gets multipled with something that results in a big number
The cast is all correct too because the developer actually thought of 
possiblity of an overflow on multiply (something every developer should 
be conscious of), so there's nothing to see there either. 

> Since frame_time consistently
> participates in u64 arithmetic, its data type is converted to u64 to
> eliminate the need for explicit casting.

You need a way more convincing argument that that since you're not even 
converting it to u64 like you falsely stated so the sizes still won't 
match on all architectures.

I see you've realized u32 is more than enough to store frame time for the 
speeds UART operates with? So why exactly is this patch needed? Should all 
the other cases where 64-bit arithmetic needs to be used in the kernel be 
similarly upconverted to 64 bits?

Also, did you happen to realize frame_time also participates in 32-bit 
arithmetic which you just make much worse with this change? (Yes, there 
are 32-bit divides done for it.)

So NACK from me to this "fix" of a non-problem by causing much worse 
problems you seem to be entirely unaware.

NACKED-by:  Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>

-- 
 i.

> Signed-off-by: VAMSHI GAJJELA <vamshigajjela@...gle.com>
> ---
>  include/linux/serial_core.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h
> index bb6f073bc159..b128513b009a 100644
> --- a/include/linux/serial_core.h
> +++ b/include/linux/serial_core.h
> @@ -558,7 +558,7 @@ struct uart_port {
>  
>  	bool			hw_stopped;		/* sw-assisted CTS flow state */
>  	unsigned int		mctrl;			/* current modem ctrl settings */
> -	unsigned int		frame_time;		/* frame timing in ns */
> +	unsigned long		frame_time;		/* frame timing in ns */
>  	unsigned int		type;			/* port type */
>  	const struct uart_ops	*ops;
>  	unsigned int		custom_divisor;
> @@ -764,7 +764,7 @@ unsigned int uart_get_divisor(struct uart_port *port, unsigned int baud);
>   */
>  static inline unsigned long uart_fifo_timeout(struct uart_port *port)
>  {
> -	u64 fifo_timeout = (u64)READ_ONCE(port->frame_time) * port->fifosize;
> +	u64 fifo_timeout = READ_ONCE(port->frame_time) * port->fifosize;
>  
>  	/* Add .02 seconds of slop */
>  	fifo_timeout += 20 * NSEC_PER_MSEC;
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ