lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3a9fc675-9c39-47e1-8735-a9d107b4d0be@stanley.mountain>
Date: Fri, 23 Aug 2024 12:03:35 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Ma Ke <make24@...as.ac.cn>
Cc: benjamin.berg@...el.com, daniel.gabay@...el.com,
	gregory.greenman@...el.com, johannes.berg@...el.com,
	kvalo@...nel.org, linux-kernel@...r.kernel.org,
	linux-wireless@...r.kernel.org, miriam.rachel.korenblit@...el.com
Subject: Re: [PATCH RESEND] wifi: iwlwifi: mvm: fix an error code in
 iwl_mvm_alloc_sta_after_restart()

On Fri, Aug 23, 2024 at 11:04:23AM +0800, Ma Ke wrote:
> Dan Carpenter<dan.carpenter@...aro.org> wrote:
> > The Subject says RESEND but doesn't explain why you are resending.
> > You probably meant v2, but again it needs an explanation.
> > 
> > On Fri, Aug 02, 2024 at 12:27:40PM +0800, Ma Ke wrote:
> > > This error path should return -EINVAL instead of success.
> > 
> > Why do you feel that way?  Have you tested it?  What is the user visible
> > effect of this bug?
> > 
> > I slightly feel hypocritical because I have send lots of commit messages
> > with exactly this commit message.  The difference is that I only send
> > really easy patches where it's obvious what the intent was.  A normal
> > kernel developer wouldn't need to leave their email client or view any
> > outside information to see that my patch is correct.  If a patch is not
> > dead easy, I normally just report it.  (Sometimes I report dead easy
> > bugs as well because I am lazy and maybe it's the end of my work day
> > or whatever).
> > 
> > This patch on the other hand is more subtle and it's not clear why the
> > continue statements changed into returns.
> > 
> > regards,
> > dan carpenter
> Thank you for your response to the vulnerability I submitted. Yes, we 
> believe there is a similar issue. As described in [1], it gets pointers 
> which are handled under the protection mechanism. If the path is error, it 
> should return -EINVAL directly instead of success. The discovery of this 
> problem was confirmed through manual review of the code and compilation 
> testing. And by the way, I resent the patch because I hadn’t received a 
> reply for a long time, so I resent it.
> 
> [1] https://lore.kernel.org/all/MW5PR11MB58102E1897D7437CD8E1DF27A3DDA@MW5PR11MB5810.namprd11.prod.outlook.com/
> 

Oh, huh.  If I understand it correctly, you're copying the logic from my patch.

71b5e40651d8 ("wifi: iwlwifi: mvm: fix an error code in iwl_mvm_mld_add_sta()")

That was a different situation:
1) The code was already doing a return instead of a continue, it's just that
   the error code wasn't set.
2) I mentioned in my email that I wasn't sure of the logic, but just copy and
   pasting from similar code.
3) Plus my code is on a WARN_ON() path so it's almost certainly dead code.  That
   means my patch was very safe.

Meanwhile Gregory's code looks deliberate.  If it's causing an issue at runtime
definitely we need to fix that.  Or if we can find a bug in it then sure.  But
don't assume my code is better than his, because it's likely not the case.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ