| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Aug 2020 12:56:22 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Himadri Pandya <himadrispandya@...il.com>,
David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
linux-kernel-mentees@...ts.linuxfoundation.org,
USB list <linux-usb@...r.kernel.org>,
netdev <netdev@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: [PATCH] net: usb: Fix uninit-was-stored issue in asix_read_cmd()
On Sun, Aug 23, 2020 at 12:31:03PM +0200, Dmitry Vyukov wrote:
> On Sun, Aug 23, 2020 at 12:19 PM Greg Kroah-Hartman
> > It's not always a failure, some devices have protocols that are "I could
> > return up to a max X bytes but could be shorter" types of messages, so
> > it's up to the caller to check that they got what they really asked for.
>
> Yes, that's why I said _separate_ helper function. There seems to be
> lots of callers that want exactly this -- "I want 4 bytes, anything
> else is an error". With the current API it's harder to do - you need
> additional checks, additional code, maybe even additional variables to
> store the required size. APIs should make correct code easy to write.
One note on this, will respond to the rest of the email later.
It should be the same exact amount of code in the driver to handle this
either way:
Today's correctly written driver:
data_size = 4;
data = kmalloc(data_size, GFP_KERNEL);
...
retval = usb_control_msg(....., data, data_size, ...);
if (retval < buf_size) {
/* SOMETHING WENT WRONG! */
}
With your new function:
data_size = 4;
data = kmalloc(data_size, GFP_KERNEL);
...
retval = usb_control_msg_error_on_short(....., data, data_size, ...);
if (retval < 0) {
/* SOMETHING WENT WRONG! */
}
Catch the difference, it's only in checking for retval, either way you
are writing the exact same logic in the driver, you still have to tell
the USB layer the size of the buffer you want to read into, still have
to pass in the buffer, and everything else. You already know the size
of the data you want, and you already are doing the check, those things
you have to do no matter what, it's not extra work.
We can write a wrapper around usb_control_msg() for something like this
that does the transformation of a short read into an error, but really,
does that give us all that much here?
Yes, I want to make it easy to write correct drivers, and hard to get
things wrong, but in this case, I don't see the new way any "harder" to
get wrong.
Unless you know of a simpler way here?
thanks,
greg k-h
Powered by blists - more mailing lists