| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <08cfa289-111c-416d-8e5a-971961d954ca@quicinc.com>
Date: Fri, 14 Mar 2025 08:46:50 +0800
From: Miaoqing Pan <quic_miaoqing@...cinc.com>
To: Johan Hovold <johan@...nel.org>
CC: Jeff Johnson <jeff.johnson@....qualcomm.com>, <ath11k@...ts.infradead.org>,
<linux-wireless@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<johan+linaro@...nel.org>
Subject: Re: [PATCH v2 ath-next 2/2] wifi: ath11k: fix HTC rx insufficient
length
On 3/13/2025 11:57 PM, Johan Hovold wrote:
> On Thu, Mar 13, 2025 at 09:41:51AM +0800, Miaoqing Pan wrote:
>> On 3/13/2025 12:43 AM, Johan Hovold wrote:
>
>>> I've taken a closer look at the driver and it seems like we're missing a
>>> read barrier to make sure that the updated descriptor is not read until
>>> after the head pointer.
>>>
>>> Miaoqing, could you try the below patch with your reproducer and see if
>>> it is enough to fix the corruption?
>>
>> Sure, the stress test is running.
>
> Thanks.
>
>>> If so I can resend with the warning removed and include a corresponding
>>> fix for ath12k (it looks like there are further places where barriers
>>> are missing too).
>
>> If the DMA read barrier works, do you think my submitted patch series is
>> still needed? Because the error handling is incorrect.
>
> Yeah, it would still be good to fix up the error handling even if you
> don't expect to ever see a descriptor with length 0.
>
> But unless the device is doing something wrong here, there shouldn't be
> a need for peeking at the descriptor and retrying.
>
> Johan
New version will be submitted based on the previous discussion.
Powered by blists - more mailing lists