lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e632a285-9cb2-4dc9-a4a2-f57e454b8ffe@lunn.ch>
Date: Thu, 2 Nov 2023 18:37:40 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Christian Marangi <ansuelsmth@...il.com>
Cc: "David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Rob Herring <robh+dt@...nel.org>,
	Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
	Conor Dooley <conor+dt@...nel.org>,
	Heiner Kallweit <hkallweit1@...il.com>,
	Russell King <linux@...linux.org.uk>,
	Robert Marko <robimarko@...il.com>,
	Vladimir Oltean <vladimir.oltean@....com>, netdev@...r.kernel.org,
	devicetree@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [net-next RFC PATCH v3 3/4] net: phy: aquantia: add firmware
 load support

> +/* AQR firmware doesn't have fixed offsets for iram and dram section
> + * but instead provide an header with the offset to use on reading
> + * and parsing the firmware.
> + *
> + * AQR firmware can't be trusted and each offset is validated to be
> + * not negative and be in the size of the firmware itself.
> + */
> +static inline bool aqr_fw_validate_get(size_t size, size_t offset, size_t get_size)
> +{
> +	return size + offset > 0 && offset + get_size <= size;
> +}

Please don't user inline in .c files. The compiler is better at
deciding than we are.

Also, i wounder about size + offset > 0. size_t is unsigned. So they
cannot be negative. So does this test make sense?

> +static int aqr_fw_boot(struct phy_device *phydev, const u8 *data, size_t size,
> +		       enum aqr_fw_src fw_src)
> +{
> +	u16 calculated_crc, read_crc, read_primary_offset;
> +	u32 iram_offset = 0, iram_size = 0;
> +	u32 dram_offset = 0, dram_size = 0;
> +	char version[VERSION_STRING_SIZE];
> +	u32 primary_offset = 0;
> +	int ret;
> +
> +	/* extract saved CRC at the end of the fw
> +	 * CRC is saved in big-endian as PHY is BE
> +	 */
> +	ret = aqr_fw_get_be16(data, size - sizeof(u16), size, &read_crc);
> +	if (ret) {
> +		phydev_err(phydev, "bad firmware CRC in firmware\n");
> +		return ret;
> +	}

So if size < sizeof(u16), we get a very big positive number. The > 0
test does nothing for you here, but the other half of the test does
trap the issue.

So i think you can remove the > 0 test.

   Andrew

Powered by blists - more mailing lists