| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210920190133.GS2116@kadam>
Date: Mon, 20 Sep 2021 22:01:33 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: "Fabio M. De Francesco" <fmdefrancesco@...il.com>
Cc: Larry Finger <Larry.Finger@...inger.net>,
Phillip Potter <phil@...lpotter.co.uk>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Pavel Skripkin <paskripkin@...il.com>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
David Laight <david.Laight@...lab.com>,
Martin Kaiser <martin@...ser.cx>
Subject: Re: [PATCH v8 15/19] staging: r8188eu: change the type of a variable
in rtw_read16()
On Mon, Sep 20, 2021 at 06:17:36PM +0200, Fabio M. De Francesco wrote:
> On Monday, September 20, 2021 3:10:36 PM CEST Dan Carpenter wrote:
> > On Mon, Sep 20, 2021 at 03:03:44PM +0200, Fabio M. De Francesco wrote:
> > > On Monday, September 20, 2021 1:56:47 PM CEST Dan Carpenter wrote:
> > > > On Mon, Sep 20, 2021 at 01:53:52AM +0200, Fabio M. De Francesco wrote:
> > > > > Change the type of "data" from __le32 to __le16.
> > > > >
> > > >
> > > > You should note in the commit message that:
> > > >
> > > > The last two bytes of "data" are not initialized so the
> le32_to_cpu(data)
> > > > technically reads uninitialized data. This can likely be detected by
> > > > the KASan checker as reading uninitialized data. But because the bytes
> > > > are discarded in the end so this will not affect runtime.
> > > >
> > > > regards,
> > > > dan carpenter
> > > >
> > >
> > > Dear Dan,
> > >
> > > Thanks for your suggestion about this specific topic.
> > >
> > > We thought that, since "data" is in bitwise AND with 0xffff before being
> > > passed to the callee, it was enough to have reviewers know why we're
> doing
> > > that change of type with no further explanations. Actually it seems to be
> not
> > > enough to motivate that change.
> > >
> > > We will surely use the note you provided.
> > >
> > > However, since I'm not used to blindly follow suggestions (even if I
> trust
> > > your words with no doubts at all) without complete understanding of what
> I'm
> > > doing, I will need to understand what KASan is before copy-paste your
> note.
> >
> > Google is your friend!
>
> Yes, it is :)
>
> I think you were referring to the KernelMemorySanitizer (KMSan), a detector
> of uses of uninitialized memory (but it seems to not be upstream):
> https://github.com/google/kmsan
>
> Instead you wrote about the The Kernel Address Sanitizer (KASan) that seems
> to be a dynamic memory error detector designed to find out-of-bound and use-
> after-free bugs (this is upstream):
> https://www.kernel.org/doc/html/v5.0/dev-tools/kasan.html
>
> Can you please confirm?
That sounds probably right.
>
> Back to the code... uninitialised data is not a problem in the old code, it's
> just bad design. The new code cannot affect runtime, it's just better design.
It would be a problem for KMSan and the kbuild-bot will email you about
it. From your commit message "Change the type of "data" from __le32 to
__le16." it's not clear you understand why the kbuild-bot will email you
and why it's correct to do so.
regards,
dan carpenter
Powered by blists - more mailing lists