Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp24365361rwd; Sat, 1 Jul 2023 18:55:21 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4QJ7/rnyBFU/MxKGcDGIGiLfEBwW4UyteqMkpSZn7ioRnal1CrZdJksS1D7MWmt3Fbl2u7 X-Received: by 2002:a17:90a:7005:b0:262:ca9c:edcb with SMTP id f5-20020a17090a700500b00262ca9cedcbmr15793029pjk.9.1688262920601; Sat, 01 Jul 2023 18:55:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688262920; cv=none; d=google.com; s=arc-20160816; b=rb8uMPfXA4t0Y3DbhQUQGa9mDBaL07wpzj2OkRDCwuJopO1vAIB1sesFifSkIz577t jSmX0TrQljY/B5e5duhfICy7POQBuDWP5GQqQUHSoCHe8ZN895XusvNXlB4gv1TnJenw yivNhSpb7Gm/Aac+FEtWc/Rb7fyT3L/JPBi+yPHQTUd7ZQZvC7mmGoIye0KgU1EnWJLD OBPUfrqdBqCZDFH/9pjsxD8wmrFIZBCTpEuYaYuT05kSD1i+ACuhyG9Yg1qbZr/hukix h83F7qqTZkfs380olySqX2+0dOkL/YuBMom91dDaSXYHtlIJ+asCnW7zIU4VBWsTnLbw I+Fw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=CFZEd5T3PI+03+0/fKXtKNOnqo5P8FLzu9V2976/gGs=; fh=PhMHectgzWgaLDH8S1Dp8kX3nHhrU5JZYMwcA4zB+as=; b=Sk2irEOxTXHA9sO9QkhWJnFFj8du0D98JYwmNUS4aiTk+pEuqkas/ZS3EOFDPUvG9u VE5djRiEXZUVOVxLCF0anHxJaGLbaqIlXGPAg7St3MeY/VhrbWJSwpMQs1ByqB58pmHu D0V4AlBuqRWBz1q0bPSwPMnwBbC14LJTKRMoTQ/2KUi36X98DR9ayuWxiUlb+sBCT1F7 k4iq37rM7XVfnxNo89DMo046YOyujsFmlS0812ml8D9WThwXpg92VUewfVLle2VYjdyi B01VzIRvNpNcvBHJJDfCHxeFw2I8Z7Zi0BYcn4HWKmumGJsMAZXksdtbZFTP848aJxex sY/Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b6-20020a17090a9bc600b00262ec69bd80si12678842pjw.72.2023.07.01.18.55.00; Sat, 01 Jul 2023 18:55:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229761AbjGBBYV (ORCPT + 99 others); Sat, 1 Jul 2023 21:24:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45740 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229471AbjGBBYU (ORCPT ); Sat, 1 Jul 2023 21:24:20 -0400 Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by lindbergh.monkeyblade.net (Postfix) with SMTP id BF1701728 for ; Sat, 1 Jul 2023 18:24:16 -0700 (PDT) Received: (qmail 1028027 invoked by uid 1000); 1 Jul 2023 21:24:15 -0400 Date: Sat, 1 Jul 2023 21:24:15 -0400 From: Alan Stern To: Uwe =?iso-8859-1?Q?Kleine-K=F6nig?= Cc: Zhang Shurong , gregkh@linuxfoundation.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] usb: r8a66597-hcd: host: fix port index underflow and UBSAN complains Message-ID: <9e9a4e29-2507-41fe-b857-1bdb698fab76@rowland.harvard.edu> References: <20230701171648.orex7hx6jpkkpub3@pengutronix.de> <20230701221911.5mqh677uyhh2s67u@pengutronix.de> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20230701221911.5mqh677uyhh2s67u@pengutronix.de> X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 02, 2023 at 12:19:11AM +0200, Uwe Kleine-K?nig wrote: > Hello Alan, > > On Sat, Jul 01, 2023 at 02:54:46PM -0400, Alan Stern wrote: > > wIndex should never be == 0 or > max_root_hub in the cases where rh gets > > used; such values would be meaningless. But we don't control the value > > of wIndex, because it can come from userspace. So we can't simply > > assume it will always be valid; it has to be checked. > > > > That being understood, the changes Zhang is making here are meant mostly > > to prevent UBSAN and the compiler from complaining or making false > > assumptions. The actual checks on wIndex occur later in the subroutine. > > I'm guilty of not having looked at all on that function, but it sounds > wrong to me to calculate values from some untrusted input and only > later validate the input. It should be the other way round, shouldn't > it? This is calling for compiler optimisations stepping on your toes. Six of one, half a dozen of the other. In the end I don't think it makes much difference; it basically comes down to personal choice. Which is fine, provided the final choice is one of the correct ones. Alan Stern