lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 7 Apr 2024 22:11:29 -0400
From: Sasha Levin <sashal@...nel.org>
To: Sergey Shtylyov <s.shtylyov@....ru>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
	Karina Yankevich <k.yankevich@....ru>,
	Alan Stern <stern@...land.harvard.edu>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-usb@...r.kernel.org, usb-storage@...ts.one-eyed-alien.net
Subject: Re: [PATCH AUTOSEL 6.8 02/28] usb: storage: sddr55: fix sloppy
 typing in sddr55_{read|write}_data()

On Wed, Apr 03, 2024 at 09:10:10PM +0300, Sergey Shtylyov wrote:
>On 4/3/24 8:16 PM, Sasha Levin wrote:
>
>> From: Karina Yankevich <k.yankevich@....ru>
>>
>> [ Upstream commit d6429a3555fb29f380c5841a12f5ac3f7444af03 ]
>>
>> In sddr55_{read|write}_data(), the address variables are needlessly typed
>> as *unsigned long* -- which is 32-bit type on the 32-bit arches and 64-bit
>> type on the 64-bit arches; those variables' value should fit into just 3
>> command bytes and consists of 10-bit block # (or at least the max block #
>> seems to be 1023) and 4-/5-bit page # within a block, so 32-bit *unsigned*
>> *int* type should be more than enough...
>>
>> Found by Linux Verification Center (linuxtesting.org) with the Svace static
>> analysis tool.
>>
>> [Sergey: rewrote the patch subject/description]
>>
>> Signed-off-by: Karina Yankevich <k.yankevich@....ru>
>> Signed-off-by: Sergey Shtylyov <s.shtylyov@....ru>
>> Reviewed-by: Alan Stern <stern@...land.harvard.edu>
>> Link: https://lore.kernel.org/r/4c9485f2-0bfc-591b-bfe7-2059289b554e@omp.ru
>> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>> Signed-off-by: Sasha Levin <sashal@...nel.org>
>
>[...]
>
>   I doubt this is worth pulling into the stable kernels, it
>does not fix any serious issue...

Dropped, thanks!

-- 
Thanks,
Sasha

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ