lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <19073f6bf08.279b.9b12b7fc0a3841636cfb5e919b41b954@broadcom.com>
Date: Tue, 02 Jul 2024 17:01:09 +0200
From: Arend Van Spriel <arend.vanspriel@...adcom.com>
To: Jonas Gorski <jonas.gorski@...il.com>, Su Hui <suhui@...china.com>
CC: <kvalo@...nel.org>, <johannes.berg@...el.com>, <kees@...nel.org>, <a@...repo.ru>, <quic_alokad@...cinc.com>, <zyytlz.wz@....com>, <marcan@...can.st>, <petr.tesarik.ext@...wei.com>, <duoming@....edu.cn>, <colin.i.king@...il.com>, <u.kleine-koenig@...gutronix.de>, <quic_jjohnson@...cinc.com>, <linville@...driver.com>, <pieterpg@...adcom.com>, <meuleman@...adcom.com>, <frankyl@...adcom.com>, <stanley.hsu@...ress.com>, <wright.feng@...ress.com>, <ian.lin@...ineon.com>, <chi-hsien.lin@...ress.com>, <zajec5@...il.com>, <antonio@...n-mesh.com>, <franky.lin@...adcom.com>, <linux-wireless@...r.kernel.org>, <brcm80211@...ts.linux.dev>, <brcm80211-dev-list.pdl@...adcom.com>, <linux-kernel@...r.kernel.org>, <kernel-janitors@...r.kernel.org>
Subject: Re: [PATCH wireless 0/9] wifi: cfg80211: avoid some garbage values

On July 2, 2024 4:02:39 PM Jonas Gorski <jonas.gorski@...il.com> wrote:

> Hi,
>
> On Tue, 2 Jul 2024 at 14:50, Su Hui <suhui@...china.com> wrote:
>>
>> Clang static checker (scan-build) has some warnings as follows.
>>
>> included from drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c:16
>> drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h:123:2:
>> warning:Assigned value is garbage or undefined [core.uninitialized.Assign]
>> 123 |         __le32 data_le = cpu_to_le32(*data);
>> |         ^~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~
>> drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c:138:3:warning
>> Value stored to 'err' is never read [deadcode.DeadStores]
>>
>> There are some functions like brcmf_fil_{cmd,iovar,basscfg}_int_get()
>> which read the value of its parameter, but some callers have not
>> initialized these parameters which will be read. And this patchset fixes
>> these problems.
>
> The core issue here seems to be that
> brcmf_fil_{cmd,iovar,basscfg}_int_get() function (needlessly?) read
> from *data.
>
> So instead of forcing all callers of
> brcmf_fil_{cmd,iovar,basscfg}_int_get() to initialize *data first, I
> suggest changing brcmf_fil_{cmd,iovar,basscfg}_int_get() to just not
> read from it.
>
> I see no reason why they should care about what the previous value
> was, since they are supposed to overwrite it anyway.

The issue here is that these are generic functions and there is a reason. 
Some firmware API primitives allow/require the caller to pass selection 
parameters in *data. We wanted to keep the functions generic and leave out 
that knowledge. I suppose we could introduce a separate set of api 
functions for that purpose, but it seems like significant overhead to 
silence compiler warnings. Guess I underestimate the potential risk of 
leaking few bytes of stack data.


Regards,
Arend





Download attachment "smime.p7s" of type "application/pkcs7-signature" (4219 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ