Date:   Fri, 06 Nov 2020 09:16:45 +0200
From:   Kalle Valo <kvalo@...eaurora.org>
To:     "Rakesh Pillai" <pillair@...eaurora.org>
Cc:     "'Doug Anderson'" <dianders@...omium.org>,
        'Abhishek Kumar' <kuabhs@...omium.org>,
        'Brian Norris' <briannorris@...omium.org>,
        'linux-wireless' <linux-wireless@...r.kernel.org>,
        'LKML' <linux-kernel@...r.kernel.org>,
        'ath10k' <ath10k@...ts.infradead.org>
Subject: Re: [PATCH] ath10k: Fix the parsing error in service available event

"Rakesh Pillai" <pillair@...eaurora.org> writes:

>> > diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
>> b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
>> > index 932266d..3b49e29 100644
>> > --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
>> > +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
>> > @@ -1404,9 +1404,12 @@ static int ath10k_wmi_tlv_svc_avail_parse(struct
>> ath10k *ar, u16 tag, u16 len,
>> >                 arg->service_map_ext_len = *(__le32 *)ptr;
>> >                 arg->service_map_ext = ptr + sizeof(__le32);
>> >                 return 0;
>> > +       case WMI_TLV_TAG_FIRST_ARRAY_ENUM:
>> > +               return 0;
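Review bot: the new `case WMI_TLV_TAG_FIRST_ARRAY_ENUM:` returns 0 without writing to `arg`, so a successful return no longer guarantees that `arg->service_map_ext_len` and `arg->service_map_ext` hold defined values unless the caller zeroed the structure first. Set both explicitly in this case (0 and NULL) and add a comment saying why the tag is accepted and ignored. Separately, the context lines just above read `*(__le32 *)ptr` with no check in the lines shown that `len` is at least `sizeof(__le32)`; since `len` is taken from the firmware event, a length check belongs before that dereference if it is not already done earlier in the function.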
>> 
>> This is at least slightly worrying to me.  If I were calling this
>> function, I'd expect that if I didn't get back an error that at least
>> "arg->service_map_ext_len" was filled in.  Seems like you should do:
>> 
>> case WMI_TLV_TAG_FIRST_ARRAY_ENUM:
>>   arg->service_map_ext_len = 0;
>>   arg->service_map_ext = NULL;
>>   return 0;
>> 
>> ...and maybe add a comment about why you're doing that?
>> 
>> At the moment things are working OK because
>> ath10k_wmi_event_service_available() happens to init the structure to
>> 0 before calling with:
>> 
>>   struct wmi_svc_avail_ev_arg arg = {};
>> 
>> ....but it doesn't seem like a great idea to rely on that.
>> 
>> That all being said, I'm just a drive-by reviewer and if everyone else
>> likes it the way it is, feel free to ignore my comments.
>
>
> The TLV TAG "WMI_TLV_TAG_STRUCT_SERVICE_AVAILABLE_EVENT" is the first
> and a mandatory TLV in the service available event. The subsequent
> TLVs are optional ones and may or may not be present (based on FW
> versions).

From ath10k point of view never trust what the firmware sends you. Even
if WMI_TLV_TAG_STRUCT_SERVICE_AVAILABLE_EVENT is a mandatory TLV it
might be missing for whatever reasons. The same is with buffer lengths
etc and always confirm what you are receiving from the firmware.

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
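
The checks discussed in this message (a mandatory TLV that may be missing, and firmware-supplied lengths that may be wrong) shown as an added, stand-alone C example; it is not ath10k code and not part of the original thread. The tag numbers, the wire layout (little-endian 16-bit tag, 16-bit length, value, with the extended map length counted in bytes) and all names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical tag numbers and wire layout (LE16 tag, LE16 len, value). */
enum { TAG_SVC_AVAIL = 1, TAG_EXT_MAP = 2 };

struct svc_avail {
    int seen_mandatory;   /* mandatory TLV was present */
    uint32_t ext_len;     /* bytes in the extended map, 0 if absent */
    const uint8_t *ext;   /* points into the event buffer, NULL if absent */
};

static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

/* Returns 0 on success, -1 on any malformed or incomplete event. */
int parse_svc_avail(const uint8_t *buf, size_t n, struct svc_avail *out)
{
    memset(out, 0, sizeof(*out));        /* do not rely on the caller's init */
    while (n > 0) {
        if (n < 4) return -1;            /* truncated TLV header */
        uint32_t tag = rd16(buf), len = rd16(buf + 2);
        buf += 4; n -= 4;
        if (len > n) return -1;          /* value runs past the buffer */
        if (tag == TAG_SVC_AVAIL) {
            out->seen_mandatory = 1;
        } else if (tag == TAG_EXT_MAP) {
            if (len < 4) return -1;      /* no room for the length word */
            uint32_t claimed = rd32(buf);
            if (claimed > len - 4) return -1;   /* inner length overstates */
            out->ext_len = claimed;
            out->ext = buf + 4;
        }                                /* unknown optional TLVs are skipped */
        buf += len; n -= len;
    }
    return out->seen_mandatory ? 0 : -1; /* mandatory TLV never arrived */
}

int main(void)
{
    /* Constructed event: mandatory TLV, then ext map claiming 255 bytes of 2. */
    static const uint8_t bad[] = {1,0,0,0, 2,0,6,0, 0xff,0,0,0, 0xaa,0xbb};
    struct svc_avail a;
    return parse_svc_avail(bad, sizeof(bad), &a) == -1 ? 0 : 1;
}
```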
