lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <d5ac7346-f8ad-43b7-a794-9b7a55fedc3c@suswa.mountain>
Date: Mon, 1 Jul 2024 16:21:58 +0200
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Aleksandr Mishin <amishin@...rgos.ru>
Cc: Martyn Welch <martyn.welch@...anuc.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Soumya Negi <soumya.negi97@...il.com>,
	Michael Straube <straube.linux@...il.com>,
	linux-kernel@...r.kernel.org, linux-staging@...ts.linux.dev,
	lvc-project@...uxtesting.org
Subject: Re: [PATCH v2] staging: vme_user: Validate geoid value used for VME
 window address

On Tue, Jun 25, 2024 at 12:58:04PM +0300, Aleksandr Mishin wrote:
> The address of VME window is either set by jumpers (VME64) or derived from
> the slot number (geographical addressing, VME64x) with the formula:
> address = slot# * 0x80000
> https://indico.cern.ch/event/68278/contributions/1234555/attachments/
> 1024465/1458672/VMEbus.pdf
> 
> slot# value can be set from module parameter 'geoid' which can contain any
> value. In this case the value of an arithmetic expression 'slot# * 0x80000'
> is a subject to overflow because its operands are not cast to a larger data
> type before performing arithmetic.
> 
> Validate the provided geoid value using the Geographic Addr Mask.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: d22b8ed9a3b0 ("Staging: vme: add Tundra TSI148 VME-PCI Bridge driver")
> Suggested-by: Dan Carpenter <dan.carpenter@...aro.org>
> Signed-off-by: Aleksandr Mishin <amishin@...rgos.ru>
> ---
> v1->v2: Move geoid validation to the probe() function as suggested by Dan

Yeah, I think this works.

Reviewed-by: Dan Carpenter <dan.carpenter@...aro.org>

regards,
dan carpenter


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ