Message-ID: <ZykQiY0jvxKqrCIb@google.com>
Date: Mon, 4 Nov 2024 18:20:57 +0000
From: Aleksei Vetrov <vvvvvv@...gle.com>
To: Jeff Johnson <quic_jjohnson@...cinc.com>
Cc: Johannes Berg <johannes@...solutions.net>, Kees Cook <kees@...nel.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Dmitry Antipov <dmantipov@...dex.ru>,
linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH v2] wifi: nl80211: fix bounds checker error in
nl80211_parse_sched_scan

On Mon, Nov 04, 2024 at 09:12:09AM -0800, Jeff Johnson wrote:
> Reviewed-by: Jeff Johnson <quic_jjohnson@...cinc.com>
>
> And it is exactly this kind of issue why I'm not accepting any __counted_by()
> changes in ath.git without actually testing the code that is modified.

However, I was really lucky that my setup used nl80211_parse_sched_scan
during normal operations and triggered the bound sanitizer. After the patch
was developed, I accidentally wiped my device and couldn't reproduce the
bug again normally, so I had to use the iw tool to trigger
nl80211_parse_sched_scan manually to test it properly.

I looked for some tests that cover this function and that I can run on
the device, but couldn't find any. It would be nice if you know about
such tests, so I can check if there are any other places where the bound
sanitizer may be triggered. I only know the syzkaller tool that may be used
to get more kernel coverage in general.

Best regards,
--
Aleksei Vetrov