lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <21174665.bKA57LRvRV@localhost.localdomain>
Date:   Sun, 29 Aug 2021 10:52:03 +0200
From:   "Fabio M. De Francesco" <fmdefrancesco@...il.com>
To:     gregkh@...uxfoundation.org, Phillip Potter <phil@...lpotter.co.uk>
Cc:     straube.linux@...il.com, Larry.Finger@...inger.net,
        linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] staging: r8188eu: simplify c2h_evt_hdl function

On Saturday, August 28, 2021 11:24:52 PM CEST Phillip Potter wrote:
> Simplify c2h_evt_hdl function by removing majority of its code. The
> function always returns _FAIL anyway, due to the wrapper function it
> calls always returning _FAIL. For this reason, it is better to just
> return _FAIL directly.
> 
> Leave the call to c2h_evt_read in place, as without it, event handling
> semantics of the driver would be changed, despite nothing actually being
> done with the event.
> 
> Signed-off-by: Phillip Potter <phil@...lpotter.co.uk>
> ---
>  drivers/staging/r8188eu/core/rtw_cmd.c | 21 +++------------------
>  1 file changed, 3 insertions(+), 18 deletions(-)
> 
> diff --git a/drivers/staging/r8188eu/core/rtw_cmd.c b/drivers/staging/r8188eu/core/rtw_cmd.c
> index ce73ac7cf973..b520c6b43c03 100644
> --- a/drivers/staging/r8188eu/core/rtw_cmd.c
> +++ b/drivers/staging/r8188eu/core/rtw_cmd.c
> @@ -1854,27 +1854,12 @@ u8 rtw_c2h_wk_cmd(struct adapter *padapter, u8 *c2h_evt)
>  
>  static s32 c2h_evt_hdl(struct adapter *adapter, struct c2h_evt_hdr *c2h_evt, c2h_id_filter filter)
>  {
> -	s32 ret = _FAIL;
>  	u8 buf[16];
>  
> -	if (!c2h_evt) {
> -		/* No c2h event in cmd_obj, read c2h event before handling*/
> -		if (c2h_evt_read(adapter, buf) == _SUCCESS) {
> -			c2h_evt = (struct c2h_evt_hdr *)buf;

Dear Philip,

Not related to your patch, but what kind of odd assignment is it? c2h_evt takes
the address of a local variable and therefore it crashes the kernel whenever
someone decides to dereference it after this function returns and unwinds 
the stack...

> +	if (!c2h_evt)
> +		c2h_evt_read(adapter, buf);

Having said that, I strongly doubt that this path is ever taken. I didn't check the call
chain, but it may be that the function in never called or, if it is called, it always
has a valid c2h_evt argument. 

Actually I don't mean to suggest something specific. It simply looks odd, so I'd check 
and if this happens to be the case, I'd remove the whole c2h_evt_hdl().

Regards,

Fabio
>  
> -			if (filter && !filter(c2h_evt->id))
> -				goto exit;
> -
> -			ret = rtw_hal_c2h_handler(adapter, c2h_evt);
> -		}
> -	} else {
> -		if (filter && !filter(c2h_evt->id))
> -			goto exit;
> -
> -		ret = rtw_hal_c2h_handler(adapter, c2h_evt);
> -	}
> -exit:
> -	return ret;
> +	return _FAIL;
>  }
>  
>  static void c2h_wk_callback(struct work_struct *work)
> -- 
> 2.31.1
> 
> 




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ