lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202205261656.CWDWN8nG-lkp@intel.com>
Date:   Thu, 26 May 2022 17:02:43 +0800
From:   kernel test robot <lkp@...el.com>
To:     Jianglei Nie <niejianglei2021@....com>, pizza@...ftnet.org,
        kvalo@...nel.org, davem@...emloft.net, edumazet@...gle.com,
        kuba@...nel.org, pabeni@...hat.com
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Jianglei Nie <niejianglei2021@....com>
Subject: Re: [PATCH] cw1200: Fix memory leak in cw1200_set_key()

Hi Jianglei,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on wireless-next/main]
[also build test ERROR on wireless/main v5.18 next-20220526]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Jianglei-Nie/cw1200-Fix-memory-leak-in-cw1200_set_key/20220526-114747
base:   https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main
config: x86_64-randconfig-a003 (https://download.01.org/0day-ci/archive/20220526/202205261656.CWDWN8nG-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 3d546191ad9d7d2ad2c7928204b9de51deafa675)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/1e40283730dea11a1556d589925313cdca295484
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Jianglei-Nie/cw1200-Fix-memory-leak-in-cw1200_set_key/20220526-114747
        git checkout 1e40283730dea11a1556d589925313cdca295484
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash drivers/net/wireless/st/cw1200/

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>

All errors (new ones prefixed by >>):

>> drivers/net/wireless/st/cw1200/sta.c:826:26: error: use of undeclared identifier 'idx'
                           cw1200_free_key(priv, idx);
                                                 ^
   1 error generated.


vim +/idx +826 drivers/net/wireless/st/cw1200/sta.c

   679	
   680	int cw1200_set_key(struct ieee80211_hw *dev, enum set_key_cmd cmd,
   681			   struct ieee80211_vif *vif, struct ieee80211_sta *sta,
   682			   struct ieee80211_key_conf *key)
   683	{
   684		int ret = -EOPNOTSUPP;
   685		struct cw1200_common *priv = dev->priv;
   686		struct ieee80211_key_seq seq;
   687	
   688		mutex_lock(&priv->conf_mutex);
   689	
   690		if (cmd == SET_KEY) {
   691			u8 *peer_addr = NULL;
   692			int pairwise = (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ?
   693				1 : 0;
   694			int idx = cw1200_alloc_key(priv);
   695			struct wsm_add_key *wsm_key = &priv->keys[idx];
   696	
   697			if (idx < 0) {
   698				ret = -EINVAL;
   699				goto finally;
   700			}
   701	
   702			if (sta)
   703				peer_addr = sta->addr;
   704	
   705			key->flags |= IEEE80211_KEY_FLAG_PUT_IV_SPACE |
   706				      IEEE80211_KEY_FLAG_RESERVE_TAILROOM;
   707	
   708			switch (key->cipher) {
   709			case WLAN_CIPHER_SUITE_WEP40:
   710			case WLAN_CIPHER_SUITE_WEP104:
   711				if (key->keylen > 16) {
   712					cw1200_free_key(priv, idx);
   713					ret = -EINVAL;
   714					goto finally;
   715				}
   716	
   717				if (pairwise) {
   718					wsm_key->type = WSM_KEY_TYPE_WEP_PAIRWISE;
   719					memcpy(wsm_key->wep_pairwise.peer,
   720					       peer_addr, ETH_ALEN);
   721					memcpy(wsm_key->wep_pairwise.keydata,
   722					       &key->key[0], key->keylen);
   723					wsm_key->wep_pairwise.keylen = key->keylen;
   724				} else {
   725					wsm_key->type = WSM_KEY_TYPE_WEP_DEFAULT;
   726					memcpy(wsm_key->wep_group.keydata,
   727					       &key->key[0], key->keylen);
   728					wsm_key->wep_group.keylen = key->keylen;
   729					wsm_key->wep_group.keyid = key->keyidx;
   730				}
   731				break;
   732			case WLAN_CIPHER_SUITE_TKIP:
   733				ieee80211_get_key_rx_seq(key, 0, &seq);
   734				if (pairwise) {
   735					wsm_key->type = WSM_KEY_TYPE_TKIP_PAIRWISE;
   736					memcpy(wsm_key->tkip_pairwise.peer,
   737					       peer_addr, ETH_ALEN);
   738					memcpy(wsm_key->tkip_pairwise.keydata,
   739					       &key->key[0], 16);
   740					memcpy(wsm_key->tkip_pairwise.tx_mic_key,
   741					       &key->key[16], 8);
   742					memcpy(wsm_key->tkip_pairwise.rx_mic_key,
   743					       &key->key[24], 8);
   744				} else {
   745					size_t mic_offset =
   746						(priv->mode == NL80211_IFTYPE_AP) ?
   747						16 : 24;
   748					wsm_key->type = WSM_KEY_TYPE_TKIP_GROUP;
   749					memcpy(wsm_key->tkip_group.keydata,
   750					       &key->key[0], 16);
   751					memcpy(wsm_key->tkip_group.rx_mic_key,
   752					       &key->key[mic_offset], 8);
   753	
   754					wsm_key->tkip_group.rx_seqnum[0] = seq.tkip.iv16 & 0xff;
   755					wsm_key->tkip_group.rx_seqnum[1] = (seq.tkip.iv16 >> 8) & 0xff;
   756					wsm_key->tkip_group.rx_seqnum[2] = seq.tkip.iv32 & 0xff;
   757					wsm_key->tkip_group.rx_seqnum[3] = (seq.tkip.iv32 >> 8) & 0xff;
   758					wsm_key->tkip_group.rx_seqnum[4] = (seq.tkip.iv32 >> 16) & 0xff;
   759					wsm_key->tkip_group.rx_seqnum[5] = (seq.tkip.iv32 >> 24) & 0xff;
   760					wsm_key->tkip_group.rx_seqnum[6] = 0;
   761					wsm_key->tkip_group.rx_seqnum[7] = 0;
   762	
   763					wsm_key->tkip_group.keyid = key->keyidx;
   764				}
   765				break;
   766			case WLAN_CIPHER_SUITE_CCMP:
   767				ieee80211_get_key_rx_seq(key, 0, &seq);
   768				if (pairwise) {
   769					wsm_key->type = WSM_KEY_TYPE_AES_PAIRWISE;
   770					memcpy(wsm_key->aes_pairwise.peer,
   771					       peer_addr, ETH_ALEN);
   772					memcpy(wsm_key->aes_pairwise.keydata,
   773					       &key->key[0], 16);
   774				} else {
   775					wsm_key->type = WSM_KEY_TYPE_AES_GROUP;
   776					memcpy(wsm_key->aes_group.keydata,
   777					       &key->key[0], 16);
   778	
   779					wsm_key->aes_group.rx_seqnum[0] = seq.ccmp.pn[5];
   780					wsm_key->aes_group.rx_seqnum[1] = seq.ccmp.pn[4];
   781					wsm_key->aes_group.rx_seqnum[2] = seq.ccmp.pn[3];
   782					wsm_key->aes_group.rx_seqnum[3] = seq.ccmp.pn[2];
   783					wsm_key->aes_group.rx_seqnum[4] = seq.ccmp.pn[1];
   784					wsm_key->aes_group.rx_seqnum[5] = seq.ccmp.pn[0];
   785					wsm_key->aes_group.rx_seqnum[6] = 0;
   786					wsm_key->aes_group.rx_seqnum[7] = 0;
   787					wsm_key->aes_group.keyid = key->keyidx;
   788				}
   789				break;
   790			case WLAN_CIPHER_SUITE_SMS4:
   791				if (pairwise) {
   792					wsm_key->type = WSM_KEY_TYPE_WAPI_PAIRWISE;
   793					memcpy(wsm_key->wapi_pairwise.peer,
   794					       peer_addr, ETH_ALEN);
   795					memcpy(wsm_key->wapi_pairwise.keydata,
   796					       &key->key[0], 16);
   797					memcpy(wsm_key->wapi_pairwise.mic_key,
   798					       &key->key[16], 16);
   799					wsm_key->wapi_pairwise.keyid = key->keyidx;
   800				} else {
   801					wsm_key->type = WSM_KEY_TYPE_WAPI_GROUP;
   802					memcpy(wsm_key->wapi_group.keydata,
   803					       &key->key[0],  16);
   804					memcpy(wsm_key->wapi_group.mic_key,
   805					       &key->key[16], 16);
   806					wsm_key->wapi_group.keyid = key->keyidx;
   807				}
   808				break;
   809			default:
   810				pr_warn("Unhandled key type %d\n", key->cipher);
   811				cw1200_free_key(priv, idx);
   812				ret = -EOPNOTSUPP;
   813				goto finally;
   814			}
   815			ret = wsm_add_key(priv, wsm_key);
   816			if (!ret)
   817				key->hw_key_idx = idx;
   818			else
   819				cw1200_free_key(priv, idx);
   820		} else if (cmd == DISABLE_KEY) {
   821			struct wsm_remove_key wsm_key = {
   822				.index = key->hw_key_idx,
   823			};
   824	
   825			if (wsm_key.index > WSM_KEY_MAX_INDEX) {
 > 826				cw1200_free_key(priv, idx);
   827				ret = -EINVAL;
   828				goto finally;
   829			}
   830	
   831			cw1200_free_key(priv, wsm_key.index);
   832			ret = wsm_remove_key(priv, &wsm_key);
   833		} else {
   834			pr_warn("Unhandled key command %d\n", cmd);
   835		}
   836	
   837	finally:
   838		mutex_unlock(&priv->conf_mutex);
   839		return ret;
   840	}
   841	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ