| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3a9fc675-9c39-47e1-8735-a9d107b4d0be@stanley.mountain>
Date: Fri, 23 Aug 2024 12:03:35 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Ma Ke <make24@...as.ac.cn>
Cc: benjamin.berg@...el.com, daniel.gabay@...el.com,
gregory.greenman@...el.com, johannes.berg@...el.com,
kvalo@...nel.org, linux-kernel@...r.kernel.org,
linux-wireless@...r.kernel.org, miriam.rachel.korenblit@...el.com
Subject: Re: [PATCH RESEND] wifi: iwlwifi: mvm: fix an error code in
iwl_mvm_alloc_sta_after_restart()
On Fri, Aug 23, 2024 at 11:04:23AM +0800, Ma Ke wrote:
> Dan Carpenter<dan.carpenter@...aro.org> wrote:
> > The Subject says RESEND but doesn't explain why you are resending.
> > You probably meant v2, but again it needs an explanation.
> >
> > On Fri, Aug 02, 2024 at 12:27:40PM +0800, Ma Ke wrote:
> > > This error path should return -EINVAL instead of success.
> >
> > Why do you feel that way? Have you tested it? What is the user visible
> > effect of this bug?
> >
> > I slightly feel hypocritical because I have send lots of commit messages
> > with exactly this commit message. The difference is that I only send
> > really easy patches where it's obvious what the intent was. A normal
> > kernel developer wouldn't need to leave their email client or view any
> > outside information to see that my patch is correct. If a patch is not
> > dead easy, I normally just report it. (Sometimes I report dead easy
> > bugs as well because I am lazy and maybe it's the end of my work day
> > or whatever).
> >
> > This patch on the other hand is more subtle and it's not clear why the
> > continue statements changed into returns.
> >
> > regards,
> > dan carpenter
> Thank you for your response to the vulnerability I submitted. Yes, we
> believe there is a similar issue. As described in [1], it gets pointers
> which are handled under the protection mechanism. If the path is error, it
> should return -EINVAL directly instead of success. The discovery of this
> problem was confirmed through manual review of the code and compilation
> testing. And by the way, I resent the patch because I hadn’t received a
> reply for a long time, so I resent it.
>
> [1] https://lore.kernel.org/all/MW5PR11MB58102E1897D7437CD8E1DF27A3DDA@MW5PR11MB5810.namprd11.prod.outlook.com/
>
Oh, huh. If I understand it correctly, you're copying the logic from my patch.
71b5e40651d8 ("wifi: iwlwifi: mvm: fix an error code in iwl_mvm_mld_add_sta()")
That was a different situation:
1) The code was already doing a return instead of a continue, it's just that
the error code wasn't set.
2) I mentioned in my email that I wasn't sure of the logic, but just copy and
pasting from similar code.
3) Plus my code is on a WARN_ON() path so it's almost certainly dead code. That
means my patch was very safe.
Meanwhile Gregory's code looks deliberate. If it's causing an issue at runtime
definitely we need to fix that. Or if we can find a bug in it then sure. But
don't assume my code is better than his, because it's likely not the case.
regards,
dan carpenter
Powered by blists - more mailing lists