| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 May 2021 22:24:53 +0200
From: Pavel Machek <pavel@...x.de>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Wen Gong <wgong@...eaurora.org>,
Jouni Malinen <jouni@...eaurora.org>,
Johannes Berg <johannes.berg@...el.com>
Subject: Re: [PATCH 5.10 036/252] ath10k: drop MPDU which has discard flag
set by firmware for SDIO
Hi!
> commit 079a108feba474b4b32bd3471db03e11f2f83b81 upstream.
>
> When the discard flag is set by the firmware for an MPDU, it should be
> dropped. This allows a mitigation for CVE-2020-24588 to be implemented
> in the firmware.
>
> Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
This introduces bitfields for communication with firmware.
> +++ b/drivers/net/wireless/ath/ath10k/rx_desc.h
> @@ -1282,7 +1282,19 @@ struct fw_rx_desc_base {
> #define FW_RX_DESC_UDP (1 << 6)
>
> struct fw_rx_desc_hl {
> - u8 info0;
> + union {
> + struct {
> + u8 discard:1,
> + forward:1,
> + any_err:1,
> + dup_err:1,
> + reserved:1,
> + inspect:1,
> + extension:2;
> + } bits;
> + u8 info0;
> + } u;
> +
That is a) quite unusual (see the define just above) and b) very
fragile AFAICT. Compilers on LE and BE machines behave differently,
for example. Should it use usual bit manipulation functions?
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists