| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Mar 2024 22:43:36 +0800 From: Kyle Tso <kyletso@...gle.com> To: Greg KH <gregkh@...uxfoundation.org> Cc: linux@...ck-us.net, heikki.krogerus@...ux.intel.com, badhri@...gle.com, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH v1] usb: typec: tcpm: Correct the PDO counting in pd_set On Tue, Mar 26, 2024 at 5:30 PM Greg KH <gregkh@...uxfoundation.org> wrote: > > On Tue, Mar 19, 2024 at 03:43:37PM +0800, Kyle Tso wrote: > > The index in the loop has already been added one and is equal to the > > number of PDOs to be updated when leaving the loop. > > That says what is happening but not the issue that is being addressed. > What is the problem with the number being off by one? Is this a "crash > the system" or merely "our accounting is wrong"? > > thank, > > greg k-h When doing the power negotiation, TCPM relies on the "nr_snk_pdo" as the size of the local sink PDO array to match the Source capabilities of the partner port. If the off-by-one overflow occurs, a wrong RDO might be sent and unexpected power transfer might happen such as over voltage or over current (than expected). "nr_src_pdo" is used to set the Rp level when the port is in Source role. It is also the array size of the local Source capabilities when filling up the buffer which will be sent as the Source PDOs (such as in Power Negotiation). If the off-by-one overflow occurs, a wrong Rp level might be set and wrong Source PDOs will be sent to the partner port. This could potentially cause over current or port resets. I will update the commit message in the next version of this patch. Kyle
Powered by blists - more mailing lists