lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aFr1X5mhZxQpLiUv@lizhi-Precision-Tower-5810>
Date: Tue, 24 Jun 2025 14:58:39 -0400
From: Frank Li <Frank.li@....com>
To: Steffen Bätz <steffen@...osonix.de>
Cc: stable@...r.kernel.org, Srinivas Kandagatla <srini@...nel.org>,
	Shawn Guo <shawnguo@...nel.org>,
	Sascha Hauer <s.hauer@...gutronix.de>,
	Pengutronix Kernel Team <kernel@...gutronix.de>,
	Fabio Estevam <festevam@...il.com>,
	Dmitry Baryshkov <lumag@...nel.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	imx@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] nvmem: imx-ocotp: fix MAC address byte length

On Mon, Jun 23, 2025 at 07:09:55PM +0200, Steffen Bätz wrote:
> The commit "13bcd440f2ff nvmem: core: verify cell's raw_len" caused an
> extension of the "mac-address" cell from 6 to 8 bytes due to word_size
> of 4 bytes.
>
> Thus, the required byte swap for the mac-address of the full buffer length,
> caused an trucation of the read mac-address.
> From the original address 70:B3:D5:14:E9:0E to 00:00:70:B3:D5:14
>
> After swapping only the first 6 bytes, the mac-address is correctly passed
> to the upper layers.

suggested commit message:

The commit "13bcd440f2ff nvmem: core: verify cell's raw_len" caused an
extension of the "mac-address" cell from 6 to 8 bytes due to word_size
of 4 bytes. This led to a required byte swap of the full buffer length,
which caused truncation of the mac-address when read.

Previously, the mac-address was incorrectly truncated from 70:B3:D5:14:E9:0E
to 00:00:70:B3:D5:14.

Fix the issue by swapping only the first 6 bytes to correctly pass the
mac-address to the upper layers.

>
> Fixes: 13bcd440f2ff ("nvmem: core: verify cell's raw_len")
> Cc: stable@...r.kernel.org
> Signed-off-by: Steffen Bätz <steffen@...osonix.de>
> ---
> v3:
> - replace magic number 6 with ETH_ALEN
> - Fix misleading indentation and properly group 'mac-address' statements
> v2:
> - Add Cc: stable@...r.kernel.org as requested by Greg KH's patch bot
>  drivers/nvmem/imx-ocotp-ele.c | 6 +++++-
>  drivers/nvmem/imx-ocotp.c     | 6 +++++-
>  2 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/nvmem/imx-ocotp-ele.c b/drivers/nvmem/imx-ocotp-ele.c
> index ca6dd71d8a2e..9ef01c91dfa6 100644
> --- a/drivers/nvmem/imx-ocotp-ele.c
> +++ b/drivers/nvmem/imx-ocotp-ele.c
> @@ -12,6 +12,7 @@
>  #include <linux/of.h>
>  #include <linux/platform_device.h>
>  #include <linux/slab.h>
> +#include <linux/if_ether.h>	/* ETH_ALEN */
>
>  enum fuse_type {
>  	FUSE_FSB = BIT(0),
> @@ -118,9 +119,12 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index,
>  	int i;
>
>  	/* Deal with some post processing of nvmem cell data */
> -	if (id && !strcmp(id, "mac-address"))
> +	if (id && !strcmp(id, "mac-address")) {
> +		if (bytes > ETH_ALEN)
> +			bytes = ETH_ALEN;

bytes = min(bytes, ETH_ALEN);

Frank

>  		for (i = 0; i < bytes / 2; i++)
>  			swap(buf[i], buf[bytes - i - 1]);
> +	}
>
>  	return 0;
>  }
> diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c
> index 79dd4fda0329..1343cafc37cc 100644
> --- a/drivers/nvmem/imx-ocotp.c
> +++ b/drivers/nvmem/imx-ocotp.c
> @@ -23,6 +23,7 @@
>  #include <linux/platform_device.h>
>  #include <linux/slab.h>
>  #include <linux/delay.h>
> +#include <linux/if_ether.h>	/* ETH_ALEN */
>
>  #define IMX_OCOTP_OFFSET_B0W0		0x400 /* Offset from base address of the
>  					       * OTP Bank0 Word0
> @@ -227,9 +228,12 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index,
>  	int i;
>
>  	/* Deal with some post processing of nvmem cell data */
> -	if (id && !strcmp(id, "mac-address"))
> +	if (id && !strcmp(id, "mac-address")) {
> +		if (bytes > ETH_ALEN)
> +			bytes = ETH_ALEN;
>  		for (i = 0; i < bytes / 2; i++)
>  			swap(buf[i], buf[bytes - i - 1]);
> +	}
>
>  	return 0;
>  }
> --
> 2.43.0
>
>
> --
>
>
> *innosonix GmbH*
> Hauptstr. 35
> 96482 Ahorn
> central: +49 9561 7459980
> www.innosonix.de <http://www.innosonix.de>
>
> innosonix GmbH
> Geschäftsführer:
> Markus Bätz, Steffen Bätz
> USt.-IdNr / VAT-Nr.: DE266020313
> EORI-Nr.:
> DE240121536680271
> HRB 5192 Coburg
> WEEE-Reg.-Nr. DE88021242

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ