lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <49559415-4493-4b90-a9bc-c6b9074a61f6@rowland.harvard.edu>
Date: Tue, 12 Aug 2025 21:38:20 -0400
From: Alan Stern <stern@...land.harvard.edu>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-usb@...r.kernel.org, usb-storage@...ts.one-eyed-alien.net,
	linux-kernel@...r.kernel.org
Subject: Re: [usb-storage] Re: [PATCH] usb: storage: realtek_cr: Simplify
 rts51x_bulk_transport()

On Tue, Aug 12, 2025 at 11:28:56PM +0200, Thorsten Blum wrote:
> Hi Alan,
> 
> On 12. Aug 2025, at 22:06, Alan Stern wrote:
> > On Tue, Aug 12, 2025 at 04:43:58PM +0200, Thorsten Blum wrote:
> >> Change the function parameter 'buf_len' from 'int' to 'unsigned int' and
> >> only update the local variable 'residue' if needed.
> >> 
> >> Update the rts51x_read_status() function signature accordingly.
> > 
> > That last part isn't really necessary, is it?  It doesn't make the code 
> > any clearer, less buggy, or quicker to execute.
> 
> It's mostly for consistency because the parameter 'len' is used to call
> rts51x_bulk_transport() which now expects an unsigned integer. I'd still
> argue that it makes the code and the function signature a bit clearer
> because now the type communicates that 'len' cannot be negative.
> 
> >> 	- if (residue)
> >> 		- residue = residue < buf_len ? residue : buf_len;
> >> 	+ if (residue > buf_len)
> >> 		+ residue = buf_len;
> > 
> > This really has nothing at all to do with whether buf_len is a signed 
> > quantity -- it should never be negative.  (And I have no idea why the 
> > original code includes that test for residue being nonzero.)
> 
> I agree with "it should never be negative" and ideally the type should
> reflect this if possible.
> 
> It's also easier to reason about the code when comparing two unsigned
> integers than having to think about implicit type conversion.
> 
> > Much more serious is something you didn't change: Just above these lines 
> > it says:
> > 
> > 	residue = bcs->Residue;
> > 
> > It should say:
> > 
> > 	residue = le32_to_cpu(bcs->Residue);
> 
> That should probably be another patch, no?

So we're really talking about three separate things:

	Making buf_len and len unsigned;

	Simplifying the calculation of residue;

	Using the correct byte order for bcs->Residue.

The last one fixes a real bug; the other two are very minor by 
comparison.  Regardless, they should be in three separate patches.

If you would like to submit three new patches, please do.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ