| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z9MAehaipGtwge8p@hovoldconsulting.com> Date: Thu, 13 Mar 2025 16:57:46 +0100 From: Johan Hovold <johan@...nel.org> To: Miaoqing Pan <quic_miaoqing@...cinc.com> Cc: Jeff Johnson <jeff.johnson@....qualcomm.com>, ath11k@...ts.infradead.org, linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org, johan+linaro@...nel.org Subject: Re: [PATCH v2 ath-next 2/2] wifi: ath11k: fix HTC rx insufficient length On Thu, Mar 13, 2025 at 09:41:51AM +0800, Miaoqing Pan wrote: > On 3/13/2025 12:43 AM, Johan Hovold wrote: > > I've taken a closer look at the driver and it seems like we're missing a > > read barrier to make sure that the updated descriptor is not read until > > after the head pointer. > > > > Miaoqing, could you try the below patch with your reproducer and see if > > it is enough to fix the corruption? > > Sure, the stress test is running. Thanks. > > If so I can resend with the warning removed and include a corresponding > > fix for ath12k (it looks like there are further places where barriers > > are missing too). > If the DMA read barrier works, do you think my submitted patch series is > still needed? Because the error handling is incorrect. Yeah, it would still be good to fix up the error handling even if you don't expect to ever see a descriptor with length 0. But unless the device is doing something wrong here, there shouldn't be a need for peeking at the descriptor and retrying. Johan
Powered by blists - more mailing lists