lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YEudm0TJUwq5x/Pe@builder.lan>
Date:   Fri, 12 Mar 2021 10:58:03 -0600
From:   Bjorn Andersson <bjorn.andersson@...aro.org>
To:     Alex Elder <elder@...aro.org>
Cc:     davem@...emloft.net, kuba@...nel.org, sujitka@...omium.org,
        evgreen@...omium.org, cpratapa@...eaurora.org,
        subashab@...eaurora.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] net: ipa: terminate message handler arrays

On Fri 12 Mar 09:12 CST 2021, Alex Elder wrote:

> When a QMI handle is initialized, an array of message handler
> structures is provided, defining how any received message should
> be handled based on its type and message ID.  The QMI core code
> traverses this array when a message arrives and calls the function
> associated with the (type, msg_id) found in the array.
> 
> The array is supposed to be terminated with an empty (all zero)
> entry though.  Without it, an unsupported message will cause
> the QMI core code to go past the end of the array.
> 
> Fix this bug, by properly terminating the message handler arrays
> provided when QMI handles are set up by the IPA driver.
> 

Reviewed-by: Bjorn Andersson <bjorn.andersson@...aro.org>

Regards,
Bjorn

> Fixes: 530f9216a9537 ("soc: qcom: ipa: AP/modem communications")
> Reported-by: Sujit Kautkar <sujitka@...omium.org>
> Signed-off-by: Alex Elder <elder@...aro.org>
> ---
>  drivers/net/ipa/ipa_qmi.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/ipa/ipa_qmi.c b/drivers/net/ipa/ipa_qmi.c
> index 2fc64483f2753..e594bf3b600f0 100644
> --- a/drivers/net/ipa/ipa_qmi.c
> +++ b/drivers/net/ipa/ipa_qmi.c
> @@ -249,6 +249,7 @@ static const struct qmi_msg_handler ipa_server_msg_handlers[] = {
>  		.decoded_size	= IPA_QMI_DRIVER_INIT_COMPLETE_REQ_SZ,
>  		.fn		= ipa_server_driver_init_complete,
>  	},
> +	{ },
>  };
>  
>  /* Handle an INIT_DRIVER response message from the modem. */
> @@ -269,6 +270,7 @@ static const struct qmi_msg_handler ipa_client_msg_handlers[] = {
>  		.decoded_size	= IPA_QMI_INIT_DRIVER_RSP_SZ,
>  		.fn		= ipa_client_init_driver,
>  	},
> +	{ },
>  };
>  
>  /* Return a pointer to an init modem driver request structure, which contains
> -- 
> 2.27.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ