lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZZZvQcWKHd2Pmg3O@rric.localdomain>
Date: Thu, 4 Jan 2024 09:41:37 +0100
From: Robert Richter <rrichter@....com>
To: Dan Williams <dan.j.williams@...el.com>
Cc: Ira Weiny <ira.weiny@...el.com>, Davidlohr Bueso <dave@...olabs.net>,
	Jonathan Cameron <jonathan.cameron@...wei.com>,
	Dave Jiang <dave.jiang@...el.com>,
	Alison Schofield <alison.schofield@...el.com>,
	Vishal Verma <vishal.l.verma@...el.com>, linux-cxl@...r.kernel.org,
	linux-kernel@...r.kernel.org, Fan Ni <nifan.cxl@...il.com>,
	Lukas Wunner <lukas@...ner.de>
Subject: Re: [PATCH] cxl/pci: Get rid of pointer arithmetic reading CDAT table

This threat slipped away end of last year...

On 14.12.23 20:34:09, Dan Williams wrote:
> Robert Richter wrote:
> > On 17.11.23 21:09:18, Robert Richter wrote:
> > > I will send an on-top patch for 6.8 that reworks that code area to
> > > remove the pointer arithmetic.
> > 
> > Here it is:
> > 
> > From 13787f72c20b8c54754ae86015d982307eae0397 Mon Sep 17 00:00:00 2001
> > From: Robert Richter <rrichter@....com>
> > Subject: [PATCH] cxl/pci: Get rid of pointer arithmetic reading CDAT table
> > 
> > Reading the CDAT table using DOE requires a Table Access Response
> > Header in addition to the CDAT entry. In current implementation this
> > has caused offsets with sizeof(__le32) to the actual buffers. This led
> > to hardly readable code and even bugs (see fix of devm_kfree() in
> > read_cdat_data()).
> > 
> > Rework code to avoid calculations with sizeof(__le32). Introduce
> > struct cdat_doe for this which contains the Table Access Response
> > Header and a variable payload size for various data structures
> > afterwards to access the CDAT table and its CDAT Data Structures
> > without recalculating buffer offsets.
> 
> I like reworking the code to introduce an explicit type for the response
> buffer, but as Ira points out, lets call it a "response" not a
> "cdat_doe".

Looks good.

> 
> The feedback on the flex array is accurate, but I see no reason to have
> 3 flex arrays vs:
> 
> struct cdat_response {
>        __le32 doe_header;
>        union {
>                struct cdat_header header;
>                struct cdat_entry_header entry;
>                u8 table[];
>        };
> } __packed;

The flex arrays are due to sizeof(*doe) which is just the size of the
base payload without any variable data then. Another nice effect of
this is pointer creation of @header and @entry:

	doe->header vs. &doe->header etc.

... which aligns with doe->table too.

This all leads to well readable code.

> 
> As far as I can see nothing outside of drivers/cxl/core/pci.c needs
> 'struct cdat_response', so it can stay local to this C file.
> 
> While you are working on that I will do another lead-in cleanup to kill
> the goto in cxl_cdat_read_table() and let you come back and kill off the
> open-coded "+ sizeof(__le32)" that I will leave behind.

I briefly looked into your patch, but will send for reference a v2
with a rebase onto cxl/next and small updates only. I could prepare a
v3 that bases on your patch afterwards.

Thanks,

-Robert

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ