On Wed, May 29, 2013 at 10:45:04AM -0700, Sarah Sharp wrote:
> On Wed, May 29, 2013 at 10:27:50AM +0900, Greg Kroah-Hartman wrote:
> > On Fri, May 24, 2013 at 05:42:52PM -0700, Sarah Sharp wrote:
> > > This patchset addresses some (but not all) of the security issues found
> > > with the Klockwork static analysis tool. I have not reviewed these in
> > > detail to see if these could be used by attackers, so someone with more
> > > security experience may want to look these over.
> >
> > A lot of these changes are just to add checks to functions that you are
> > calling yourself. How can those pointers be "not valid" when you
> > control what you pass to them?
>
> It's purely paranoia. It's entirely possible we'll add new code later
> that would accidentally trigger these checks. That's especially true
> of, say, the device speeds, since "USB 3.1" (10Gbps) is in the works.

Then let's worry about it at that point in time :)

> > Those seem over-eager, and not really needed. Or am I missing
> > somewhere that could change the pointer without the driver knowing it?
>
> In all honesty, these patches are the result of a bureaucratic push for
> "code quality". We switched static analysis tools from Coverity to
> Klockwork, and the QA folks pushed us to fix the "issues" that Klockwork
> discovered.
>
> If you don't think they're appropriate, let me know, and I'll push back.

It is great to get rid of the BUG_ON() calls. But to be over-eager in
checking parameters that we have full control of is not needed at all.

So if you rework the patches to just clean up the BUG_ON() calls, I'll
be glad to accept them, but they aren't "security" issues at all.

thanks,

greg k-h