Re: [PATCH v2 11/16] block: sed-opal: ioctl for writing to shadow mbr

From: Scott Bauer
Date: Mon Jan 21 2019 - 02:52:15 EST

Next message: Ray Jui: "Re: [PATCH v3 0/8] Add IPROC I2C slave mode and NIC I2C support"
Previous message: Pingfan Liu: "[PATCHv7] x86/kdump: bugfix, make the behavior of crashkernel=X consistent with kaslr"
In reply to: David Kozub: "Re: [PATCH v2 11/16] block: sed-opal: ioctl for writing to shadow mbr"
Next in thread: David Kozub: "[PATCH v2 13/16] block: sed-opal: check size of shadow mbr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jan 20, 2019 at 11:27:30AM +0100, David Kozub wrote:
> On Sat, 19 Jan 2019, Scott Bauer wrote:
>
> > On Thu, Jan 17, 2019 at 09:31:51PM +0000, David Kozub wrote:
> >
> > > +static int write_shadow_mbr(struct opal_dev *dev, void *data)
> > > +{
> > > + struct opal_shadow_mbr *shadow = data;
> > > + const u8 __user *src;
> > > + u8 *dst;
> > > + size_t off = 0;
> > > + u64 len;
> > > + int err = 0;
> > > +
> > > + /* do the actual transmission(s) */
> > > + src = (u8 *) shadow->data;
> > > + while (off < shadow->size) {
> > > + err = cmd_start(dev, opaluid[OPAL_MBR], opalmethod[OPAL_SET]);
> > > + add_token_u8(&err, dev, OPAL_STARTNAME);
> > > + add_token_u8(&err, dev, OPAL_WHERE);
> > > + add_token_u64(&err, dev, shadow->offset + off);
> > > + add_token_u8(&err, dev, OPAL_ENDNAME);
> > > +
> > > + add_token_u8(&err, dev, OPAL_STARTNAME);
> > > + add_token_u8(&err, dev, OPAL_VALUES);
> > > +
> > > + /*
> > > + * The bytestring header is either 1 or 2 bytes, so assume 2.
> > > + * There also needs to be enough space to accommodate the
> > > + * trailing OPAL_ENDNAME (1 byte) and tokens added by
> > > + * cmd_finalize.
> > > + */
> > > + len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
> > > + (size_t)(shadow->size - off));
> >
> > What if remaining_size(dev) < 2 + 1 + CMD_FINALIZE_BYTES_NEEDED? If that's possible we
> > get min(UINT_MAX(ish) , some size larger than our remaining buffer) and that's not good.
>
> This is only possible for uselessly small values of IO_BUFFER_LENGTH, which
> is a compile-time value. Originally I thought it's OK as nobody would set
> the value so low. But on a second thought, after reading your comment, I
> think that even if IO_BUFFER_LENGTH was set to such a value, the code should
> fail gracefully.

Naw, just leave it the way it is. I didnt follow cmd_start down deep enough to realize we reset
the position on cmd_start, so there is no way for my scenario to happen. We'll never change IO_BUFFER_LENGTH
to something small. If someone wants to write a bug in their custom kernel, it's not our problem.

Next message: Ray Jui: "Re: [PATCH v3 0/8] Add IPROC I2C slave mode and NIC I2C support"
Previous message: Pingfan Liu: "[PATCHv7] x86/kdump: bugfix, make the behavior of crashkernel=X consistent with kaslr"
In reply to: David Kozub: "Re: [PATCH v2 11/16] block: sed-opal: ioctl for writing to shadow mbr"
Next in thread: David Kozub: "[PATCH v2 13/16] block: sed-opal: check size of shadow mbr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]