LinuxLists.cc - [patch 2/2] crypto: img-hash - shift wrapping bug in img_hash_hw

2015-03-20 14:22:01

Subject: [patch 2/2] crypto: img-hash - shift wrapping bug in img_hash_hw_init()

"hdev->req->nbytes" is an unsigned int so we so we lose the upper 3
bytes to the shift wrap bug.

Signed-off-by: Dan Carpenter <[email protected]>

diff --git a/drivers/crypto/img-hash.c b/drivers/crypto/img-hash.c
index 601ab35..ad47d0d 100644
--- a/drivers/crypto/img-hash.c
+++ b/drivers/crypto/img-hash.c
@@ -464,7 +464,7 @@ static int img_hash_hw_init(struct img_hash_dev *hdev)
img_hash_write(hdev, CR_RESET, CR_RESET_UNSET);
img_hash_write(hdev, CR_INTENAB, CR_INT_NEW_RESULTS_SET);

- nbits = (hdev->req->nbytes << 3);
+ nbits = (u64)hdev->req->nbytes << 3;
u = nbits >> 32;
l = nbits;
img_hash_write(hdev, CR_MESSAGE_LENGTH_H, u);

2015-03-20 18:55:56

by James Hartley

[permalink] [raw]

Subject: RE: [patch 2/2] crypto: img-hash - shift wrapping bug in img_hash_hw_init()

Hi Dan,

I'm assuming you mean the upper 3 bits rather than bytes?

Thanks for the patch

James.

> -----Original Message-----
> From: Dan Carpenter [mailto:[email protected]]
> Sent: 20 March 2015 14:22
> To: Herbert Xu; James Hartley
> Cc: David S. Miller; [email protected]; kernel-
> [email protected]
> Subject: [patch 2/2] crypto: img-hash - shift wrapping bug in
> img_hash_hw_init()
>
> "hdev->req->nbytes" is an unsigned int so we so we lose the upper 3 bytes to
> the shift wrap bug.
>
> Signed-off-by: Dan Carpenter <[email protected]>
>
> diff --git a/drivers/crypto/img-hash.c b/drivers/crypto/img-hash.c index
> 601ab35..ad47d0d 100644
> --- a/drivers/crypto/img-hash.c
> +++ b/drivers/crypto/img-hash.c
> @@ -464,7 +464,7 @@ static int img_hash_hw_init(struct img_hash_dev
> *hdev)
> img_hash_write(hdev, CR_RESET, CR_RESET_UNSET);
> img_hash_write(hdev, CR_INTENAB, CR_INT_NEW_RESULTS_SET);
>
> - nbits = (hdev->req->nbytes << 3);
> + nbits = (u64)hdev->req->nbytes << 3;
> u = nbits >> 32;
> l = nbits;
> img_hash_write(hdev, CR_MESSAGE_LENGTH_H, u);

2015-03-23 11:04:13

by Dan Carpenter

[permalink] [raw]

Subject: [patch 2/2 v2] crypto: img-hash - shift wrapping bug in img_hash_hw_init()

"hdev->req->nbytes" is an unsigned int so we so we lose the upper 3 bits
to the shift wrap bug.

Signed-off-by: Dan Carpenter <[email protected]>
---
v2: typo in changelog

diff --git a/drivers/crypto/img-hash.c b/drivers/crypto/img-hash.c
index 601ab35..ad47d0d 100644
--- a/drivers/crypto/img-hash.c
+++ b/drivers/crypto/img-hash.c
@@ -464,7 +464,7 @@ static int img_hash_hw_init(struct img_hash_dev *hdev)
img_hash_write(hdev, CR_RESET, CR_RESET_UNSET);
img_hash_write(hdev, CR_INTENAB, CR_INT_NEW_RESULTS_SET);

- nbits = (hdev->req->nbytes << 3);
+ nbits = (u64)hdev->req->nbytes << 3;
u = nbits >> 32;
l = nbits;
img_hash_write(hdev, CR_MESSAGE_LENGTH_H, u);

2015-03-23 11:09:34

by Herbert Xu

[permalink] [raw]

Subject: Re: [patch 2/2 v2] crypto: img-hash - shift wrapping bug in img_hash_hw_init()

On Mon, Mar 23, 2015 at 02:03:55PM +0300, Dan Carpenter wrote:
> "hdev->req->nbytes" is an unsigned int so we so we lose the upper 3 bits
> to the shift wrap bug.
>
> Signed-off-by: Dan Carpenter <[email protected]>

Both patches applied.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt