| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250305092411.6962ca52@foxbook> Date: Wed, 5 Mar 2025 09:24:11 +0100 From: MichaĆ Pecio <michal.pecio@...il.com> To: Mathias Nyman <mathias.nyman@...ux.intel.com> Cc: Mathias Nyman <mathias.nyman@...el.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, Niklas Neronin <niklas.neronin@...ux.intel.com> Subject: Re: [PATCH 1/3] usb: xhci: Simplify update_ring_for_set_deq_completion() On Fri, 21 Feb 2025 15:23:11 +0200, Mathias Nyman wrote: > update_ring_for_set_deq_completion() isn't needed anymore. > Niklas already wrote a patch to remove it. > > It's sitting in my for-usb-next branch > > https://git.kernel.org/pub/scm/linux/kernel/git/mnyman/xhci.git/commit/?h=for-usb-next&id=ee7dab196a7dfc48a1608274329323cb10b4340d I know that it's pure paranoia, but this patch removes a quiet debug message about an obviously abnormal and likely harmful condition. My patch turned it into a nice red error. This will be something to keep in mind, for example somebody could write a patch which reclaims an empty transfer ring segment without chceking if there is a Set TR Dequeue pending to this segemnt. That could lead to very interesting outcomes if all TRBs in the segment are No-Op'ed and the next page is a transfer ring of other endpoint. Other than that, I suppose there is currently no problem. The loop for finding new dequeue position doesn't seem prone to jumping off the ring as long as the ring itself isn't corrupted. Michal
Powered by blists - more mailing lists