lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b8de4e95-d598-49dc-83aa-a9ffc2714a24@linaro.org>
Date: Fri, 29 Nov 2024 10:07:48 +0100
From: Neil Armstrong <neil.armstrong@...aro.org>
To: Viresh Kumar <viresh.kumar@...aro.org>
Cc: Viresh Kumar <vireshk@...nel.org>, Nishanth Menon <nm@...com>,
 Stephen Boyd <sboyd@...nel.org>,
 Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>,
 linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] OPP: add index check to assert to avoid buffer
 overflow in _read_freq()

On 29/11/2024 10:04, Viresh Kumar wrote:
> On 29-11-24, 09:53, Neil Armstrong wrote:
>> Hi,
>>
>> On 29/11/2024 09:40, Viresh Kumar wrote:
>>> On 28-11-24, 11:07, Neil Armstrong wrote:
>>>> Pass the freq index to the assert function to make sure
>>>> we do not read a freq out of the opp->rates[] table.
>>>>
>>>> Without that the index value is never checked when called from
>>>> dev_pm_opp_find_freq_exact_indexed() or
>>>> dev_pm_opp_find_freq_ceil/floor_indexed().
>>>
>>> These APIs aren't supported for cases where we have more than one clks
>>> available and hence assert for single clk.
>>>
>>
>> I don't understand, the _indexed functions clearly have an index parameter
>> which is documented as "Clock index"
> 
> Ahh, I missed that there are few _indexed() helpers as well which you are
> correctly modifying.
> 
>> I agree we could leave the other ones with assert_single_clk, but we would
>> need to duplicate it to have one with the index parameter, so it felt simpler
>> to use assert_clk_index everywhere but indeed we do not exclude them for
>> when there's multiple clock...
> 
> What prevents a user to call dev_pm_opp_find_freq_exact() for a multi-clk setup
> after your patch ? As we use Index = 0 here in the code.
> 
> That's why I would prefer the earlier assert for all these, except the indexed
> ones.

Yes, let me send a v2 with this addressed

Thanks,
Neil

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ