lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZiqBQ3r3gRk2HBir@hovoldconsulting.com>
Date: Thu, 25 Apr 2024 18:13:55 +0200
From: Johan Hovold <johan@...nel.org>
To: Doug Anderson <dianders@...omium.org>
Cc: Janaki Ramaiah Thota <quic_janathot@...cinc.com>,
	Johan Hovold <johan+linaro@...nel.org>,
	Marcel Holtmann <marcel@...tmann.org>,
	Luiz Augusto von Dentz <luiz.dentz@...il.com>,
	Matthias Kaehlcke <mka@...omium.org>,
	linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, Stephen Boyd <swboyd@...omium.org>
Subject: Re: [PATCH] Bluetooth: qca: fix invalid device address check

On Thu, Apr 25, 2024 at 11:22:50PM +0800, Doug Anderson wrote:

> Quick question. I haven't spent lots of time digging into the
> Bluetooth subsystem, but it seems like if the device tree property is
> there it should take precedence anyway, shouldn't it? In other words:
> if we think there is built-in storage for the MAC address but we also
> see a device tree property then we need to decide which of the two we
> are going to use. Are there any instances where there's a bogus DT
> property and we want the built-in storage to override it?

I guess we could decide to implement something like that, but note that
a devicetree may have an all-zero address defined by default which the
boot firmware may or may not fill in.

So we can't just use the presence of the address property as an
indication that the device has an address, but we could of course parse
it and see if it's non-zero first. (Actually, I think this bit about
checking for a non-zero address is already implemented.)

Note however that we still need to determine when the controller address
is invalid for the common case where there is no devicetree property and
user space needs to provide an address before the controller can be used.

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ