lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 8 Apr 2024 17:10:07 +0100
From: Matthew Wilcox <willy@...radead.org>
To: "Russell King (Oracle)" <linux@...linux.org.uk>
Cc: Danielle Ratson <danieller@...dia.com>, netdev@...r.kernel.org,
	davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
	pabeni@...hat.com, corbet@....net, sdf@...gle.com,
	kory.maincent@...tlin.com, maxime.chevallier@...tlin.com,
	vladimir.oltean@....com, przemyslaw.kitszel@...el.com,
	ahmed.zaki@...el.com, richardcochran@...il.com, shayagr@...zon.com,
	paul.greenwalt@...el.com, jiri@...nulli.us,
	linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
	mlxsw@...dia.com, petrm@...dia.com, idosch@...dia.com
Subject: Re: [PATCH net-next 07/10] ethtool: cmis_cdb: Add a layer for
 supporting CDB commands

On Mon, Apr 08, 2024 at 03:55:19PM +0100, Russell King (Oracle) wrote:
> On Mon, Apr 08, 2024 at 03:53:37PM +0300, Danielle Ratson wrote:
> > +/**
> > + * struct ethtool_cmis_cdb_request - CDB commands request fields as decribed in
> > + *				the CMIS standard
> > + * @id: Command ID.
> > + * @epl_len: EPL memory length.
> > + * @lpl_len: LPL memory length.
> > + * @chk_code: Check code for the previous field and the payload.
> > + * @resv1: Added to match the CMIS standard request continuity.
> > + * @resv2: Added to match the CMIS standard request continuity.
> > + * @payload: Payload for the CDB commands.
> > + */
> > +struct ethtool_cmis_cdb_request {
> > +	__be16 id;
> > +	struct_group(body,
> > +		u16 epl_len;
> 
> u16 with a struct that also uses __be16 looks suspicious.

I'd understand if it were the other way around.  The command ID isn't a
_number_, it's an ID.  You can't add 1 to it and get a meaningful requilt;
all you can do is check it for equality, so a u16 makes sense for an ID.
That's what I did in NVMe; command_id is typed as a __u16.

But a 'length' field is obviously a number.  You can meaningfully add
and subtract numbers to it.  If there's an endian consideration, that's
where you'd expect to see it.

So I concur, this is supicious.

(Oh, you might wonder why namespace ID (nsid) in the NVMe command is
an le32 rather than a u32, since it is also an ID.  And that's because
it's an ID which is exposed to userspace.  You wouldn't want to have big
endian systems call the namespace 16777216 and little endian systems
call it 1)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ