lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 26 Mar 2024 22:43:36 +0800
From: Kyle Tso <kyletso@...gle.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: linux@...ck-us.net, heikki.krogerus@...ux.intel.com, badhri@...gle.com, 
	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org, 
	stable@...r.kernel.org
Subject: Re: [PATCH v1] usb: typec: tcpm: Correct the PDO counting in pd_set

On Tue, Mar 26, 2024 at 5:30 PM Greg KH <gregkh@...uxfoundation.org> wrote:
>
> On Tue, Mar 19, 2024 at 03:43:37PM +0800, Kyle Tso wrote:
> > The index in the loop has already been added one and is equal to the
> > number of PDOs to be updated when leaving the loop.
>
> That says what is happening but not the issue that is being addressed.
> What is the problem with the number being off by one?  Is this a "crash
> the system" or merely "our accounting is wrong"?
>
> thank,
>
> greg k-h

When doing the power negotiation, TCPM relies on the "nr_snk_pdo" as
the size of the local sink PDO array to match the Source capabilities
of the partner port. If the off-by-one overflow  occurs, a wrong RDO
might be sent and unexpected power transfer might happen such as over
voltage or over current (than expected).

"nr_src_pdo" is used to set the Rp level when the port is in Source
role. It is also the array size of the local Source capabilities when
filling up the buffer which will be sent as the Source PDOs (such as
in Power Negotiation). If the off-by-one overflow occurs, a wrong Rp
level might be set and wrong Source PDOs will be sent to the partner
port. This could potentially cause over current or port resets.

I will update the commit message in the next version of this patch.

Kyle

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ