lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <6543df4e.050a0220.e42f1.2222@mx.google.com> Date: Thu, 2 Nov 2023 18:41:31 +0100 From: Christian Marangi <ansuelsmth@...il.com> To: Andrew Lunn <andrew@...n.ch> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Rob Herring <robh+dt@...nel.org>, Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>, Conor Dooley <conor+dt@...nel.org>, Heiner Kallweit <hkallweit1@...il.com>, Russell King <linux@...linux.org.uk>, Robert Marko <robimarko@...il.com>, Vladimir Oltean <vladimir.oltean@....com>, netdev@...r.kernel.org, devicetree@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [net-next RFC PATCH v3 3/4] net: phy: aquantia: add firmware load support On Thu, Nov 02, 2023 at 06:37:40PM +0100, Andrew Lunn wrote: > > +/* AQR firmware doesn't have fixed offsets for iram and dram section > > + * but instead provide an header with the offset to use on reading > > + * and parsing the firmware. > > + * > > + * AQR firmware can't be trusted and each offset is validated to be > > + * not negative and be in the size of the firmware itself. > > + */ > > +static inline bool aqr_fw_validate_get(size_t size, size_t offset, size_t get_size) > > +{ > > + return size + offset > 0 && offset + get_size <= size; > > +} > > Please don't user inline in .c files. The compiler is better at > deciding than we are. > OK. > Also, i wounder about size + offset > 0. size_t is unsigned. So they > cannot be negative. So does this test make sense? > The idea was to check case where it's subtracted too much. (example where we check the CRC at the end of the fw) but since it's unsigned i guess it will always be zero. I will drop. (or should i use ssize_t?) > > +static int aqr_fw_boot(struct phy_device *phydev, const u8 *data, size_t size, > > + enum aqr_fw_src fw_src) > > +{ > > + u16 calculated_crc, read_crc, read_primary_offset; > > + u32 iram_offset = 0, iram_size = 0; > > + u32 dram_offset = 0, dram_size = 0; > > + char version[VERSION_STRING_SIZE]; > > + u32 primary_offset = 0; > > + int ret; > > + > > + /* extract saved CRC at the end of the fw > > + * CRC is saved in big-endian as PHY is BE > > + */ > > + ret = aqr_fw_get_be16(data, size - sizeof(u16), size, &read_crc); > > + if (ret) { > > + phydev_err(phydev, "bad firmware CRC in firmware\n"); > > + return ret; > > + } > > So if size < sizeof(u16), we get a very big positive number. The > 0 > test does nothing for you here, but the other half of the test does > trap the issue. > > So i think you can remove the > 0 test. > Yes that single check was done because of this, but didn't notice size_t is unsigned and it won't ever fall in negative cases. -- Ansuel
Powered by blists - more mailing lists