lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <5f452f3d0763dea96cec446996e62128dffe09bb.camel@intel.com>
Date: Fri, 23 Aug 2024 09:29:12 +0000
From: "Berg, Benjamin" <benjamin.berg@...el.com>
To: "make24@...as.ac.cn" <make24@...as.ac.cn>, "dan.carpenter@...aro.org"
	<dan.carpenter@...aro.org>
CC: "Gabay, Daniel" <daniel.gabay@...el.com>, "kvalo@...nel.org"
	<kvalo@...nel.org>, "gregory.greenman@...el.com"
	<gregory.greenman@...el.com>, "Berg, Johannes" <johannes.berg@...el.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Korenblit,
 Miriam Rachel" <miriam.rachel.korenblit@...el.com>,
	"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>
Subject: Re: [PATCH RESEND] wifi: iwlwifi: mvm: fix an error code in
 iwl_mvm_alloc_sta_after_restart()

On Fri, 2024-08-23 at 12:03 +0300, Dan Carpenter wrote:
> On Fri, Aug 23, 2024 at 11:04:23AM +0800, Ma Ke wrote:
> > Dan Carpenter<dan.carpenter@...aro.org> wrote:
> > > The Subject says RESEND but doesn't explain why you are resending.
> > > You probably meant v2, but again it needs an explanation.
> > > 
> > > On Fri, Aug 02, 2024 at 12:27:40PM +0800, Ma Ke wrote:
> > > > This error path should return -EINVAL instead of success.
> > > 
> > > Why do you feel that way?  Have you tested it?  What is the user visible
> > > effect of this bug?
> > > 
> > > I slightly feel hypocritical because I have send lots of commit messages
> > > with exactly this commit message.  The difference is that I only send
> > > really easy patches where it's obvious what the intent was.  A normal
> > > kernel developer wouldn't need to leave their email client or view any
> > > outside information to see that my patch is correct.  If a patch is not
> > > dead easy, I normally just report it.  (Sometimes I report dead easy
> > > bugs as well because I am lazy and maybe it's the end of my work day
> > > or whatever).
> > > 
> > > This patch on the other hand is more subtle and it's not clear why the
> > > continue statements changed into returns.
> > > 
> > > regards,
> > > dan carpenter
> > Thank you for your response to the vulnerability I submitted. Yes, we 
> > believe there is a similar issue. As described in [1], it gets pointers 
> > which are handled under the protection mechanism. If the path is error, it 
> > should return -EINVAL directly instead of success. The discovery of this 
> > problem was confirmed through manual review of the code and compilation 
> > testing. And by the way, I resent the patch because I hadn’t received a 
> > reply for a long time, so I resent it.
> > 
> > [1] https://lore.kernel.org/all/MW5PR11MB58102E1897D7437CD8E1DF27A3DDA@MW5PR11MB5810.namprd11.prod.outlook.com/
> > 
> 
> Oh, huh.  If I understand it correctly, you're copying the logic from my patch.
> 
> 71b5e40651d8 ("wifi: iwlwifi: mvm: fix an error code in iwl_mvm_mld_add_sta()")
> 
> That was a different situation:
> 1) The code was already doing a return instead of a continue, it's just that
>    the error code wasn't set.
> 2) I mentioned in my email that I wasn't sure of the logic, but just copy and
>    pasting from similar code.
> 3) Plus my code is on a WARN_ON() path so it's almost certainly dead code.  That
>    means my patch was very safe.
> 
> Meanwhile Gregory's code looks deliberate.  If it's causing an issue at runtime
> definitely we need to fix that.  Or if we can find a bug in it then sure.  But
> don't assume my code is better than his, because it's likely not the case.

I think the code is correct as-is. Especially as this function is in
the recovery flow after an error, and, if I remember correctly, the
driver state may be somewhat inconsistent with mac80211 here.

An argument about the (in)correctness of this code should consider both
how mac80211 handles restarts and what state the driver might be in
after a firmware assert at an inopportune moment.

Benjamin
Intel Deutschland GmbH
Registered Address: Am Campeon 10, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Sean Fennelly, Jeffrey Schneiderman, Tiffany Doon Silva
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ