| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <23968040.bvS6LFdsLj@localhost.localdomain>
Date: Sun, 22 Aug 2021 18:03:07 +0200
From: "Fabio M. De Francesco" <fmdefrancesco@...il.com>
To: Greg KH <gregkh@...uxfoundation.org>,
Pavel Skripkin <paskripkin@...il.com>
Cc: Larry.Finger@...inger.net, phil@...lpotter.co.uk,
straube.linux@...il.com, linux-staging@...ts.linux.dev,
linux-kernel@...r.kernel.org, Martin Kaiser <martin@...ser.cx>
Subject: Re: [PATCH RFC 0/3] staging: r8188eu: avoid uninit value bugs
On Sunday, August 22, 2021 3:31:31 PM CEST Pavel Skripkin wrote:
> On 8/22/21 4:21 PM, Fabio M. De Francesco wrote:
> > On Sunday, August 22, 2021 2:39:34 PM CEST Greg KH wrote:
> >> On Sun, Aug 22, 2021 at 03:10:56PM +0300, Pavel Skripkin wrote:
> >> > On 8/22/21 1:59 PM, Fabio M. De Francesco wrote:
> >> > > On Sunday, August 22, 2021 12:09:29 PM CEST Pavel Skripkin wrote:
> > [...]
> >> > > So, it's up to the callers to test if (!_rtw_read*()) and then act
> >> > > accordingly. If they get 0 they should know how to handle the errors.
> >> >
> >> > Yes, but _rtw_read*() == 0 indicates 2 states:
> >> > 1. Error on transfer side
> >> > 2. Actual register value is 0
> >>
> >> That's not a good design, it should be fixed. Note there is the new
> >> usb_control_msg_recv() function which should probably be used instead
> >> here, to prevent this problem from happening.
> >
> > I think that no functions should return 0 for signaling FAILURE. If I'm not
> > wrong, the kernel quite always prefers to return 0 on SUCCESS and <0 on
> > FAILURE. Why don't you just fix this?
> >
> That's what I've done in v2. All rtw_read* family will have following
> prototype in v2:
>
> int __must_check _rtw_read8(struct adapter *adapter, u32 addr, u8 *data);
>
> Was it your idea, or you were talking about different approach?
>
> With regards,
> Pavel Skripkin
Pavel,
Yes, it is correct.
However, after that I had time to look at the calls chain and understand what
each function does and then I saw that my initial proposal should be made
along with another one...
The calls chain is:
(1) _rtw_read8() <--- (returns the data read from next function in chain)
(no errors returned, see possible fix in next function)
(2) usb_read8() <--- (returns the data read from next function in chain)
(_data_may_be_unitialised_, no errors returned)
(possible fix: from "u8 data"; to "char data = -1;")
(3) usbctrl_vendorreq() <---- (returns data read from next function in chain)
(data is always a valid pointer saved to third argument)
(if it fails, the third argument is unchanged because it
still has the address of the "data" argument given by the caller)
(4) usb_control_msg() <---- (it always returns how many bytes read or valid error codes)
(it _never_ returns 0: either positive or negative values)
I have not yet looked at the usb_control_msg_recv() which Greg talked about.
To summarize: in function (2) "u8 data" should become "char data = -1;".
Regards,
Fabio
P.S.: I was about to send this message while I see that you sent v2. Since I've already have
this response to your question I send it and soon after I'm going to read your v2 patches.
Powered by blists - more mailing lists