Message-ID: <20220519044743.GT4009@kadam>
Date:   Thu, 19 May 2022 07:47:43 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Pavel Skripkin <paskripkin@...il.com>
Cc:     gregkh@...uxfoundation.org, Larry.Finger@...inger.net,
        phil@...lpotter.co.uk, straube.linux@...il.com,
        fmdefrancesco@...il.com, linux-kernel@...r.kernel.org,
        linux-staging@...ts.linux.dev
Subject: Re: [PATCH 2/4] staging: r8188eu: add error handling of rtw_read16

On Thu, May 19, 2022 at 01:11:56AM +0300, Pavel Skripkin wrote:
> diff --git a/drivers/staging/r8188eu/hal/rtl8188e_hal_init.c b/drivers/staging/r8188eu/hal/rtl8188e_hal_init.c
> index e67ecbd1ba79..22661c66cc18 100644
> --- a/drivers/staging/r8188eu/hal/rtl8188e_hal_init.c
> +++ b/drivers/staging/r8188eu/hal/rtl8188e_hal_init.c
> @@ -249,11 +249,14 @@ static void efuse_read_phymap_from_txpktbuf(
>  		hi32 = cpu_to_le32(rtw_read32(adapter, REG_PKTBUF_DBG_DATA_H));
>  
>  		if (i == 0) {
> +			int res;
> +			u16 reg;
>  			/* Although lenc is only used in a debug statement,

Blank line after declarations.

I think it's better to put "int res" declarations at the start of the
function.  That's where people will expect to see it.

>  			 * do not remove it as the rtw_read16() call consumes
>  			 * 2 bytes from the EEPROM source.
>  			 */
> -			rtw_read16(adapter, REG_PKTBUF_DBG_DATA_L);
> +			res = rtw_read16(adapter, REG_PKTBUF_DBG_DATA_L, &reg);
> +			(void) res;
>  
>  			len = le32_to_cpu(lo32) & 0x0000ffff;
>  
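Review bot: "(void) res;" right after the rtw_read16() call discards the error that the new __must_check return value is meant to surface, and "reg" is not read anywhere in the lines shown. efuse_read_phymap_from_txpktbuf() returns void, so either stop processing here when res is non-zero or extend the comment above the call to say why a failed read can be ignored; as written, len is still computed from lo32 even when the 2-byte read failed.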

[ snip ]

> diff --git a/drivers/staging/r8188eu/include/rtw_io.h b/drivers/staging/r8188eu/include/rtw_io.h
> index 1198d3850a6d..ce3369e33d66 100644
> --- a/drivers/staging/r8188eu/include/rtw_io.h
> +++ b/drivers/staging/r8188eu/include/rtw_io.h
> @@ -221,7 +221,7 @@ void _rtw_attrib_read(struct adapter *adapter, u32 addr, u32 cnt, u8 *pmem);
>  void _rtw_attrib_write(struct adapter *adapter, u32 addr, u32 cnt, u8 *pmem);
>  
>  int __must_check rtw_read8(struct adapter *adapter, u32 addr, u8 *data);
> -u16 rtw_read16(struct adapter *adapter, u32 addr);
> +int __must_check rtw_read16(struct adapter *adapter, u32 addr, u16 *data);
>  u32 rtw_read32(struct adapter *adapter, u32 addr);
>  void _rtw_read_mem(struct adapter *adapter, u32 addr, u32 cnt, u8 *pmem);
>  u32 rtw_read_port(struct adapter *adapter, u8 *pmem);
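Review bot: the new rtw_read16() prototype carries no comment saying what the int return value means or whether *data is written when the call fails, and callers need both facts to use the out-parameter safely. A short comment above the rtw_read8()/rtw_read16() declarations would settle it. Note also that rtw_read32() on the next line still returns the value directly, so after this hunk the three accessors follow two different calling conventions.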
> diff --git a/drivers/staging/r8188eu/os_dep/ioctl_linux.c b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> index 66aac2cbe3a9..1b35951a53cb 100644
> --- a/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> +++ b/drivers/staging/r8188eu/os_dep/ioctl_linux.c
> @@ -1919,7 +1919,10 @@ static int rtw_wx_read32(struct net_device *dev,
>  		sprintf(extra, "0x%02X", data32 & 0xff);
>  		break;
>  	case 2:
> -		data32 = rtw_read16(padapter, addr);
> +		ret = rtw_read16(padapter, addr, (u16 *) &data32);

Checkpatch.

I have an unpublished Smatch warning for casts like this.  You can't
pass a data32 pointer to something which takes a u16 pointer and
expect it to work.  The last two bytes are uninitialized.

And even if you zero out the bytes, it is a bug on big endian systems.

> +		if (ret)
> +			goto err_free_ptmp;
> +
>  		sprintf(extra, "0x%04X", data32);
>  		break;
>  	case 4:
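Review bot: in "ret = rtw_read16(padapter, addr, (u16 *) &data32);" the callee stores only two of data32's four bytes, yet the following sprintf(extra, "0x%04X", data32) formats all four. Read into a local u16 instead, check ret, and pass that local to sprintf (or assign it to data32 by value), which removes the cast and makes the result independent of byte order.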

regards,
dan carpenter
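
The cast problem raised in the review above, as an added example that is not part of the original message or of the r8188eu driver. It models the 4-byte object as a byte array so both byte orders can be shown on any host; store(), load(), read16_via_cast() and read16_via_local() are hypothetical names, and the register and stale values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum byte_order { ORDER_LE, ORDER_BE };

/* Store the low n bytes of v at p in the given byte order. */
static void store(uint8_t *p, uint32_t v, int n, enum byte_order o)
{
	for (int i = 0; i < n; i++)
		p[i] = (uint8_t)(v >> (8 * (o == ORDER_LE ? i : n - 1 - i)));
}

/* Load an n-byte integer from p in the given byte order. */
static uint32_t load(const uint8_t *p, int n, enum byte_order o)
{
	uint32_t v = 0;

	for (int i = 0; i < n; i++)
		v |= (uint32_t)p[i] << (8 * (o == ORDER_LE ? i : n - 1 - i));
	return v;
}

/* Pattern under review: 16-bit store through a pointer to a 32-bit object.
 * Only bytes 0 and 1 are written; bytes 2 and 3 keep their old contents. */
static uint32_t read16_via_cast(uint16_t reg, uint32_t stale, enum byte_order o)
{
	uint8_t data32[4];

	store(data32, stale, 4, o);	/* what data32 held before the call */
	store(data32, reg, 2, o);	/* the bytes a u16 * write touches */
	return load(data32, 4, o);
}

/* Alternative: read into a 16-bit temporary, then widen by value. */
static uint32_t read16_via_local(uint16_t reg, enum byte_order o)
{
	uint8_t data16[2];

	store(data16, reg, 2, o);
	return load(data16, 2, o);
}

int main(void)
{
	printf("LE cast: 0x%08X\n", (unsigned)read16_via_cast(0x1234, 0xdeadbeef, ORDER_LE));
	printf("BE cast: 0x%08X\n", (unsigned)read16_via_cast(0x1234, 0, ORDER_BE));
	printf("BE local: 0x%08X\n", (unsigned)read16_via_local(0x1234, ORDER_BE));
	return 0;
}
```

On little endian the stale upper half leaks into the result; on big endian the register value lands in the upper half even when the object was zeroed first.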
