lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 2 May 2024 22:05:44 +0200
From: Maximilian Luz <luzmaximilian@...il.com>
To: Guenter Roeck <linux@...ck-us.net>
Cc: Jean Delvare <jdelvare@...e.com>,
 Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>,
 Hans de Goede <hdegoede@...hat.com>, Ivor Wanders <ivor@...nders.net>,
 linux-kernel@...r.kernel.org, platform-driver-x86@...r.kernel.org,
 linux-hwmon@...r.kernel.org
Subject: Re: [PATCH 2/3] hwmon: surface_temp: Add support for sensor names

Hi,

On 4/16/24 11:08 PM, Guenter Roeck wrote:
> On Tue, Apr 16, 2024 at 09:00:05PM +0200, Maximilian Luz wrote:
>> On 4/16/24 3:30 PM, Guenter Roeck wrote:
>>> On Sat, Mar 30, 2024 at 12:24:01PM +0100, Maximilian Luz wrote:
>>
>> [...]
>>
>>>> +static int ssam_tmp_get_name(struct ssam_device *sdev, u8 iid, char *buf, size_t buf_len)
>>>> +{
>>>> +	struct ssam_tmp_get_name_rsp name_rsp;
>>>> +	int status;
>>>> +
>>>> +	status =  __ssam_tmp_get_name(sdev->ctrl, sdev->uid.target, iid, &name_rsp);
>>>> +	if (status)
>>>> +		return status;
>>>> +
>>>> +	/*
>>>> +	 * This should not fail unless the name in the returned struct is not
>>>> +	 * null-terminated or someone changed something in the struct
>>>> +	 * definitions above, since our buffer and struct have the same
>>>> +	 * capacity by design. So if this fails blow this up with a warning.
>>>> +	 * Since the more likely cause is that the returned string isn't
>>>> +	 * null-terminated, we might have received garbage (as opposed to just
>>>> +	 * an incomplete string), so also fail the function.
>>>> +	 */
>>>> +	status = strscpy(buf, name_rsp.name, buf_len);
>>>> +	WARN_ON(status < 0);
>>>
>>> Not acceptable. From include/asm-generic/bug.h:
>>>
>>>    * Do not use these macros when checking for invalid external inputs
>>>    * (e.g. invalid system call arguments, or invalid data coming from
>>>    * network/devices), and on transient conditions like ENOMEM or EAGAIN.
>>>    * These macros should be used for recoverable kernel issues only.
>>>
>>
>> Hmm, I always interpreted that as "do not use for checking user-defined
>> input", which this is not.
>>
> 
> "invalid data coming from network/devices" is not user-defined input.
> 
>> The reason I added/requested it here was to check for "bugs" in how we
>> think the interface behaves (and our definitions related to it) as the
>> interface was reverse-engineered. Generally, when this fails I expect
>> that we made some mistake in our code (or the things we assume about the
>> interface), which likely causes us to interpret the received data as
>> "garbage" (and not the EC sending corrupted data, which it is generally
>> not due to CRC checking and validation in the SAM driver). Hence, I
>> personally would prefer if this blows up in a big warning with a trace
>> attached to it, so that an end-user can easily report this to us and
>> that we can appropriately deal with it. As opposed to some one-line
>> error message that will likely get overlooked or not taken as seriously.
>>
> 
> I have heard the "This backtrace is absolutely essential" argument before,
> including the "will be fixed" part. Chromebooks report more than 500,000
> warning backtraces _every single day_. None of them is getting fixed.
> 
>> If you still insist, I could change that to a dev_err() message. Or
>> maybe make the comment a bit clearer.
> 
> dev_err() would be acceptable. WARN() or WARN_ON() are no-go.

Sorry for the delayed response. I will change this to a dev_err() then
and try to re-spin the patches this weekend.

Best regards,
Max

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ