lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 16 Apr 2024 14:32:12 +0800
From: Sam Sun <samsun1006219@...il.com>
To: Bart Van Assche <bvanassche@....org>
Cc: linux-kernel@...r.kernel.org, martin.petersen@...cle.com, 
	linux-scsi@...r.kernel.org, xrivendell7@...il.com, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] drivers: scsi: fix shift-out-of-bounds in sg_build_indirect

On Tue, Apr 16, 2024 at 1:26 AM Bart Van Assche <bvanassche@....org> wrote:
>
> On 4/14/24 20:14, Sam Sun wrote:
> > -    num = scatter_elem_sz;
> > +    num = max(scatter_elem_sz, PAGE_SIZE);
>
> Shouldn't the following statements be modified instead of the above
> statement? I think these are the only statements that can cause
> scatter_elem_sz to become smaller than PAGE_SIZE:
>
>         scatter_elem_sz = ret_sz;
>         scatter_elem_sz_prev = ret_sz;
>

Yes, these statements are the only statements that modify
scatter_elem_sz. However, ret_sz will never be less than PAGE_SIZE,
since it is calculated by 1 << (PAGE_SIZE + order), and order will not
be less than zero. So I think these statements do not need to be
modified.

scatter_elem_sz is also exported to userspace by sysfs interface
(macro module_param_named()), and privileged users could modify it to
any int they want. So I also set the exported type to uint in this
patch. Should I also change the type of scatter_elem_sz and
scatter_elem_sz_prev also to uint?

Best Regards,
Yue

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ