Message-ID: <xebnh5c5rnfequ6khyhieugefrtt5mdftr6rsw522ocpg3yvln@tarta.nabijaczleweli.xyz>
Date: Fri, 26 Jan 2024 20:47:32 +0100
From: Ahelenia Ziemiańska <nabijaczleweli@...ijaczleweli.xyz>
To: Brian Norris <briannorris@...omium.org>, Kalle Valo <kvalo@...nel.org>, 
	linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: memcpy: detected field-spanning write (size 101) of single field
 "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251
 (size 1)

Hi!

I have a Google Hana (mt8173-elm-hana.dts) laptop with Wi-Fi provided by
the mmc@...60000/mwifiex@1 device ("marvell,sd8897").

On 6.6.11 in the dmesg I see
[   41.314595] ------------[ cut here ]------------
[   41.314634] memcpy: detected field-spanning write (size 101) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2251 (size 1)
[   41.314739] WARNING: CPU: 1 PID: 298 at drivers/net/wireless/marvell/mwifiex/scan.c:2251 mwifiex_cmd_802_11_scan_ext+0xa8/0xb8 [mwifiex]
[   41.314802] Modules linked in: uvcvideo uvc videobuf2_vmalloc xhci_mtk_hcd xhci_hcd hid_multitouch joydev sbs_battery snd_soc_hdmi_codec btmrvl_sdio evdev btmrvl crct10dif_ce bluetooth polyval_ce mwifiex_sdio polyval_generic sha2_ce sha256_arm64 mwifiex sha1_ce arm_smc_wdt mt8173_rt5650 ecdh_generic mt8173_afe_pcm snd_soc_rt5645 snd_soc_mtk_common snd_soc_rl6231 snd_soc_core snd_pcm_dmaengine snd_pcm snd_timer mtu3 snd ofpart udc_core spi_nor i2c_hid_of soundcore i2c_hid elan_i2c elants_i2c melfas_mip4 da9211_regulator mt6577_auxadc spi_mt65xx gpio_keys ghash_generic ghash_ce gf128mul gcm aes_ce_ccm algif_aead crypto_null des_generic libdes ecb algif_skcipher aes_neon_blk aes_ce_blk aes_ce_cipher md4 cfg80211 algif_hash af_alg rfkill binfmt_misc pkcs8_key_parser dm_mod loop efi_pstore dax configfs nfnetlink ip_tables x_tables autofs4
[   41.315059] CPU: 1 PID: 298 Comm: iwd Not tainted 6.6.11 #75 
[   41.315072] Hardware name: Google Hana (DT)
[   41.315082] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   41.315096] pc : mwifiex_cmd_802_11_scan_ext+0xa8/0xb8 [mwifiex]
[   41.315132] lr : mwifiex_cmd_802_11_scan_ext+0xa4/0xb8 [mwifiex]
[   41.315169] sp : ffff800082e43620
[   41.315177] x29: ffff800082e43620 x28: 0000000000000000 x27: 0000000000000000
[   41.315196] x26: 0000000000000107 x25: 0000000000000001 x24: 0000000000000000
[   41.315213] x23: ffff0000cb4d3400 x22: ffff0000cb694000 x21: 0000000000000065
[   41.315230] x20: ffff0000cbc6e3c0 x19: ffff0000cb4d3400 x18: ffff80008154d871
[   41.315248] x17: 0000000000000001 x16: ffffffffffffffff x15: 0000000000000004
[   41.315265] x14: ffff800081f1eee8 x13: 0000000000000003 x12: 0000000000000003
[   41.315283] x11: 0000000000000000 x10: 0000000000000027 x9 : bd143d0859bfb200
[   41.315300] x8 : bd143d0859bfb200 x7 : 205d343336343133 x6 : 332e31342020205b
[   41.315318] x5 : ffff80008215d2ff x4 : ffff800082e431d7 x3 : 0000000000000000
[   41.315335] x2 : 0000000000000065 x1 : ffff800082e433d0 x0 : 0000000000000094
[   41.315353] Call trace:
[   41.315362]  mwifiex_cmd_802_11_scan_ext+0xa8/0xb8 [mwifiex]
[   41.315399]  mwifiex_sta_prepare_cmd+0x774/0x848 [mwifiex]
[   41.315435]  mwifiex_send_cmd+0x28c/0x300 [mwifiex]
[   41.315470]  mwifiex_scan_channel_list+0x294/0x348 [mwifiex]
[   41.315506]  mwifiex_scan_networks+0x1a4/0x3b8 [mwifiex]
[   41.315541]  mwifiex_cfg80211_scan+0x37c/0x850 [mwifiex]
[   41.315577]  cfg80211_scan+0x48/0x2d0 [cfg80211]
[   41.315734]  nl80211_trigger_scan+0x728/0x788 [cfg80211]
[   41.315836]  genl_family_rcv_msg_doit+0xc4/0x128
[   41.315855]  genl_rcv_msg+0x214/0x228
[   41.315868]  netlink_rcv_skb+0x128/0x148
[   41.315881]  genl_rcv+0x40/0x60
[   41.315893]  netlink_unicast+0x24c/0x400
[   41.315905]  netlink_sendmsg+0x2d8/0x3d8
[   41.315917]  __sys_sendto+0x16c/0x1f8
[   41.315931]  __arm64_sys_sendto+0x34/0x50
[   41.315944]  invoke_syscall+0x78/0x108
[   41.315959]  el0_svc_common+0x8c/0xf0
[   41.315972]  do_el0_svc+0x28/0x40
[   41.315984]  el0_svc+0x40/0xc8
[   41.315997]  el0t_64_sync_handler+0x90/0x100
[   41.316009]  el0t_64_sync+0x190/0x198
[   41.316021] ---[ end trace 0000000000000000 ]---

(With the line unchanged in ecb1b8288dc7ccbdcb3b9df005fa1c0e0c0388a7.)

I don't really know what the relevancy or meaning of this is,
but one has to assume a WARNING with a backtrace is never good,
so forwarding.

Best,

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
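
A simplified model of the distinction this warning draws, added here as an illustration (not code from the message or from the mwifiex driver): a copy can exceed a struct member's declared size while still fitting the enclosing buffer, which is a different condition from leaving the buffer. The struct layout, the 256-byte buffer and all function names are assumptions; only the sizes 101 and 1 come from the log above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a command whose tail carries TLVs.
 * Assumption for illustration only; not the mwifiex definition. */
struct scan_cmd_model {
    uint32_t reserved;
    uint8_t  tlv_buffer[1];  /* declared size 1, used as a variable-length tail */
};

enum verdict { WRITE_OK, WRITE_FIELD_SPANNING, WRITE_OUT_OF_BOUNDS };

/* Classify a write of len bytes that starts at a member of a larger buffer.
 * field_size is the member's declared size, buf_size the whole allocation. */
enum verdict classify_write(size_t buf_size, size_t field_off,
                            size_t field_size, size_t len)
{
    if (field_off > buf_size || len > buf_size - field_off)
        return WRITE_OUT_OF_BOUNDS;   /* would leave the allocation */
    if (len > field_size)
        return WRITE_FIELD_SPANNING;  /* inside the allocation, past the member */
    return WRITE_OK;
}

/* Copy TLV bytes into the tail of cmd_buf only when they fit the allocation. */
enum verdict copy_tlvs(uint8_t *cmd_buf, size_t buf_size,
                       const uint8_t *tlvs, size_t len)
{
    size_t off = offsetof(struct scan_cmd_model, tlv_buffer);
    size_t fsz = sizeof(((struct scan_cmd_model *)0)->tlv_buffer);
    enum verdict v = classify_write(buf_size, off, fsz, len);

    if (v != WRITE_OUT_OF_BOUNDS)
        memcpy(cmd_buf + off, tlvs, len);
    return v;
}

int main(void)
{
    uint8_t cmd[256] = {0}, tlvs[300];   /* constructed sizes */
    memset(tlvs, 0xAB, sizeof(tlvs));
    printf("101 bytes: %d\n", copy_tlvs(cmd, sizeof(cmd), tlvs, 101));
    printf("1 byte:    %d\n", copy_tlvs(cmd, sizeof(cmd), tlvs, 1));
    printf("300 bytes: %d\n", copy_tlvs(cmd, sizeof(cmd), tlvs, 300));
    return 0;
}
```

In this model the 101-byte copy from the log is classified as field-spanning; whether the driver's real command buffer is large enough is not something the log alone shows.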
