Date: Wed, 3 Apr 2024 21:10:10 +0300
From: Sergey Shtylyov <s.shtylyov@....ru>
To: Sasha Levin <sashal@...nel.org>, <linux-kernel@...r.kernel.org>,
	<stable@...r.kernel.org>
CC: Karina Yankevich <k.yankevich@....ru>, Alan Stern
	<stern@...land.harvard.edu>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	<linux-usb@...r.kernel.org>, <usb-storage@...ts.one-eyed-alien.net>
Subject: Re: [PATCH AUTOSEL 6.8 02/28] usb: storage: sddr55: fix sloppy typing
 in sddr55_{read|write}_data()

On 4/3/24 8:16 PM, Sasha Levin wrote:

> From: Karina Yankevich <k.yankevich@....ru>
> 
> [ Upstream commit d6429a3555fb29f380c5841a12f5ac3f7444af03 ]
> 
> In sddr55_{read|write}_data(), the address variables are needlessly typed
> as *unsigned long* -- which is 32-bit type on the 32-bit arches and 64-bit
> type on the 64-bit arches; those variables' value should fit into just 3
> command bytes and consists of 10-bit block # (or at least the max block #
> seems to be 1023) and 4-/5-bit page # within a block, so 32-bit *unsigned*
> *int* type should be more than enough...
> 
> Found by Linux Verification Center (linuxtesting.org) with the Svace static
> analysis tool.
> 
> [Sergey: rewrote the patch subject/description]
> 
> Signed-off-by: Karina Yankevich <k.yankevich@....ru>
> Signed-off-by: Sergey Shtylyov <s.shtylyov@....ru>
> Reviewed-by: Alan Stern <stern@...land.harvard.edu>
> Link: https://lore.kernel.org/r/4c9485f2-0bfc-591b-bfe7-2059289b554e@omp.ru
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Signed-off-by: Sasha Levin <sashal@...nel.org>

[...]

   I doubt this is worth pulling into the stable kernels, it
does not fix any serious issue...

MBR, Sergey
