lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 06 Oct 2011 16:33:24 +0200
From:	Oliver Hartkopp <socketcan@...tkopp.net>
To:	Wolfgang Grandegger <wg@...ndegger.com>
CC:	Wolfram Sang <w.sang@...gutronix.de>,
	Linux Netdev List <netdev@...r.kernel.org>,
	Andre Naujoks <nautsch@...il.com>
Subject: Re: [PATCH net] mscan: zero accidentally copied register content

On 10/06/11 11:09, Wolfgang Grandegger wrote:

> On 10/06/2011 09:02 AM, Oliver Hartkopp wrote:
>>
>> I think if one would like to rework the 16bit register access (which is used
>> in the rx path /and/ in the tx path also) this should go via net-next after
>> some discussion and testing.
> 
> Why do you want to change 16-bit accesses in general? They are faster
> than two 8 bit accesses. 
> 
>> IMHO this fix is small and clear and especially not risky. I wonder if
>> reworking the 16 bit register access is worth the effort?
> 
> I would prefer:
> 
>  	if (!(frame->can_id & CAN_RTR_FLAG)) {
>  		void __iomem *data = &regs->rx.dsr1_0;
>  		u16 *payload = (u16 *)frame->data;
>  
>  		for (i = 0; i < frame->can_dlc / 2; i++) {
>  			*payload++ = in_be16(data);
>  			data += 2 + _MSCAN_RESERVED_DSR_SIZE;
>  		}
> 		/* copy remaining byte */
> 		if (frame->can_dlc & 1)
> 			frame->data[frame->can_dlc - 1] = in_8(data);
>  	}


Besides the fact that Andre is going to test this idea from Wolfgang now, are
you really sure that it must be

	in_8(data)

and not

	in_8(data+1)

???

And that data definitely points to the right place?

I would prefer to be really cautious with these big endian 16 bit registers!

Therefore my fix with

+		/* zero accidentally copied register content at odd DLCs */
+		if (frame->can_dlc & 1)
+			frame->data[frame->can_dlc] = 0;

only repairing the result looks much more defensive to me.

Regards,
Oliver
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ