| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Nov 2020 09:56:22 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: Kalle Valo <kvalo@...eaurora.org>
Cc: pkshih@...ltek.com, davem@...emloft.net, kuba@...nel.org,
straube.linux@...il.com, Larry.Finger@...inger.net,
christophe.jaillet@...adoo.fr, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rtl8192ce: avoid accessing the data mapped to streaming
DMA
On 2020/11/7 19:44, Kalle Valo wrote:
> Jia-Ju Bai <baijiaju1990@...il.com> wrote:
>
>> In rtl92ce_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
>> line 530:
>> dma_addr_t mapping = dma_map_single(..., skb->data, ...);
>>
>> On line 533, skb->data is assigned to hdr after cast:
>> struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
>>
>> Then hdr->frame_control is accessed on line 534:
>> __le16 fc = hdr->frame_control;
>>
>> This DMA access may cause data inconsistency between CPU and hardwre.
>>
>> To fix this bug, hdr->frame_control is accessed before the DMA mapping.
>>
>> Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
> Like Ping said, use "rtlwifi:" prefix and have all rtlwifi patches in
> the same patchset.
>
> 4 patches set to Changes Requested.
>
> 11843533 rtl8192ce: avoid accessing the data mapped to streaming DMA
> 11843541 rtl8192de: avoid accessing the data mapped to streaming DMA
> 11843553 rtl8723ae: avoid accessing the data mapped to streaming DMA
> 11843557 rtl8188ee: avoid accessing the data mapped to streaming DMA
>
Okay, I have sent v2 patches just now.
Please have a look, thank :)
Best wishes,
Jia-Ju Bai
Powered by blists - more mailing lists