lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Feb 2024 23:13:58 +0100
From: Martin Blumenstingl <martin.blumenstingl@...glemail.com>
To: Daniel Lezcano <daniel.lezcano@...aro.org>
Cc: tglx@...utronix.de, linux-arm-kernel@...ts.infradead.org, 
	linux-kernel@...r.kernel.org, patrice.chotard@...s.st.com, 
	linux-amlogic@...ts.infradead.org
Subject: Re: [PATCH v2] clocksource/drivers/arm_global_timer: Simplify
 prescaler register access

On Sat, Feb 24, 2024 at 10:55 PM Daniel Lezcano
<daniel.lezcano@...aro.org> wrote:
[...]
> > @@ -301,7 +298,7 @@ static int gt_clk_rate_change_cb(struct notifier_block *nb,
> >               psv--;
> >
> >               /* prescaler within legal range? */
> > -             if (psv < 0 || psv > GT_CONTROL_PRESCALER_MAX)
> > +             if (psv < 0 || !FIELD_FIT(GT_CONTROL_PRESCALER_MASK, psv))
> >                       return NOTIFY_BAD;
>
> Won't FIELD_FIT cover psv < 0 also ?
Hmm, I wanted to reply that it doesn't because internally FIELD_FIT()
uses a cast:
((typeof(_mask))(_val) << __bf_shf(_mask)) & (_mask)
My original thought was that the cast would clear the sign bit when in
fact (I think) it will not - it will result in the signed number and
BIT(31) set.
So I think you're right, FIELD_FIT() does cover it.

However, there's something else odd with this code:
We're dividing two frequencies (using DIV_ROUND_CLOSEST) which are two
unsigned values. So the result of the division can never be negative:
  psv = DIV_ROUND_CLOSEST(ndata->new_rate, gt_target_rate);
However, we're additionally decrementing psv by one:
  psv--;
So in reality it can only ever be negative if the result of the
division was zero (for example if new_rate is smaller than
gt_target_rate).
However, in that case we would have crashed - with a division by zero
- in the statement right in the middle of the two mentioned above:
  if (abs(gt_target_rate - (ndata->new_rate / psv)) > MAX_F_ERR)

So I think we need another patch (it's best to order that before this
one): make psv an unsigned int and error out before trying to divide
by zero.
If you have any objections: let me know, otherwise I'll prepare a
patch tomorrow.


Best regards,
Martin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ