From: Dan Carpenter <dan.carpenter@oracle.com>
To: santosh prasad nayak <santoshprasadnayak@gmail.com>
Cc: David Miller <davem@davemloft.net>,
masa-korg@dsn.okisemi.com, paul.gortmaker@windriver.com,
jeffrey.t.kirsher@intel.com, mirq-linux@rere.qmqm.pl,
netdev@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] pch_gbe: memory corruption calling pch_gbe_validate_option()
Date: Mon, 05 Mar 2012 06:33:49 +0000 [thread overview]
Message-ID: <20120305063349.GE1003@mwanda> (raw)
In-Reply-To: <CAOD=uF5+DHqxBW9waP3CYrfrq_WiBjWsyoKkZCSq+GvOsoUpMg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1264 bytes --]
On Mon, Mar 05, 2012 at 11:04:49AM +0530, santosh prasad nayak wrote:
> Dan,
>
> Your fix may introduce new bug.
>
> hw->phy.autoneg_advertised = tmp
>
> Assigning signed integer to unsigned short leads to bit truncation.
In this case it doesn't. It's going to be 0x2f or less. I
obviously checked this before I submitted the patch.
> Is it safe for both Big-endian and little endian format ?
It's CPU endian in both cases.
>
> AutoNeg is initialized with a Negative value (OPTION_UNSET)
> Won't it create any issue with above assignment ?
>
Nope. It gets set to 0x2f inside pch_gbe_validate_option().
>
> The simpler fix is to make "autoneg_advertised" signed integer.
>
> struct pch_gbe_phy_info {
> u32 addr;
> u32 id;
> u32 revision;
> u32 reset_delay_us;
> u16 autoneg_advertised; // ==> int autoneg_advertised
> };
>
The better fix would be to change pch_gbe_validate_option() so it
isn't so easy to call improperly. I would have done that except
that probably we won't introduce many more callers, it seemed
like a lot of work and I don't have the hardware to test the
results.
regards,
dan carpenter
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: santosh prasad nayak <santoshprasadnayak@gmail.com>
Cc: David Miller <davem@davemloft.net>,
masa-korg@dsn.okisemi.com, paul.gortmaker@windriver.com,
jeffrey.t.kirsher@intel.com, mirq-linux@rere.qmqm.pl,
netdev@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] pch_gbe: memory corruption calling pch_gbe_validate_option()
Date: Mon, 5 Mar 2012 09:33:49 +0300 [thread overview]
Message-ID: <20120305063349.GE1003@mwanda> (raw)
In-Reply-To: <CAOD=uF5+DHqxBW9waP3CYrfrq_WiBjWsyoKkZCSq+GvOsoUpMg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1264 bytes --]
On Mon, Mar 05, 2012 at 11:04:49AM +0530, santosh prasad nayak wrote:
> Dan,
>
> Your fix may introduce new bug.
>
> hw->phy.autoneg_advertised = tmp
>
> Assigning signed integer to unsigned short leads to bit truncation.
In this case it doesn't. It's going to be 0x2f or less. I
obviously checked this before I submitted the patch.
> Is it safe for both Big-endian and little endian format ?
It's CPU endian in both cases.
>
> AutoNeg is initialized with a Negative value (OPTION_UNSET)
> Won't it create any issue with above assignment ?
>
Nope. It gets set to 0x2f inside pch_gbe_validate_option().
>
> The simpler fix is to make "autoneg_advertised" signed integer.
>
> struct pch_gbe_phy_info {
> u32 addr;
> u32 id;
> u32 revision;
> u32 reset_delay_us;
> u16 autoneg_advertised; // ==> int autoneg_advertised
> };
>
The better fix would be to change pch_gbe_validate_option() so it
isn't so easy to call improperly. I would have done that except
that probably we won't introduce many more callers, it seemed
like a lot of work and I don't have the hardware to test the
results.
regards,
dan carpenter
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2012-03-05 6:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-01 7:17 [patch] pch_gbe: memory corruption calling pch_gbe_validate_option() Dan Carpenter
2012-03-01 7:17 ` Dan Carpenter
2012-03-01 22:24 ` David Miller
2012-03-01 22:24 ` David Miller
2012-03-05 5:34 ` santosh prasad nayak
2012-03-05 5:46 ` santosh prasad nayak
2012-03-05 6:33 ` Dan Carpenter [this message]
2012-03-05 6:33 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120305063349.GE1003@mwanda \
--to=dan.carpenter@oracle.com \
--cc=davem@davemloft.net \
--cc=jeffrey.t.kirsher@intel.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=masa-korg@dsn.okisemi.com \
--cc=mirq-linux@rere.qmqm.pl \
--cc=netdev@vger.kernel.org \
--cc=paul.gortmaker@windriver.com \
--cc=santoshprasadnayak@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.