lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5064D318.6090705@lwfinger.net>
Date:	Thu, 27 Sep 2012 17:28:40 -0500
From:	Larry Finger <Larry.Finger@...inger.net>
To:	Joe Perches <joe@...ches.com>
CC:	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
	Chaoming Li <chaoming_li@...lsil.com.cn>,
	"David S. Miller" <davem@...emloft.net>,
	linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH] rtlwifi: use %*ph[C] to dump small buffers

On 09/26/2012 11:45 AM, Joe Perches wrote:
> On Wed, 2012-09-26 at 16:57 +0300, Andy Shevchenko wrote:
>> Signed-off-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
>
> Hi Andy.
>
> (adding Larry and Chaoming to cc's)
>
> Please use scripts/get_maintainer.pl on your patches to
> see who maintains these files so you can cc them.
>
> One comment below, it looks like a possible endian bug.
> (not in your patch)
>
>> ---
>>   drivers/net/wireless/rtlwifi/cam.c          |    7 ++-----
>>   drivers/net/wireless/rtlwifi/rtl8192ce/hw.c |    6 ++----
>>   drivers/net/wireless/rtlwifi/rtl8192cu/hw.c |    6 ++----
>>   3 files changed, 6 insertions(+), 13 deletions(-)
>>
>> diff --git a/drivers/net/wireless/rtlwifi/cam.c b/drivers/net/wireless/rtlwifi/cam.c
>> index 5b4b4d4..6ba9f80 100644
>> --- a/drivers/net/wireless/rtlwifi/cam.c
>> +++ b/drivers/net/wireless/rtlwifi/cam.c
>> @@ -52,11 +52,8 @@ static void rtl_cam_program_entry(struct ieee80211_hw *hw, u32 entry_no,
>>   	u32 target_content = 0;
>>   	u8 entry_i;
>>
>> -	RT_TRACE(rtlpriv, COMP_SEC, DBG_LOUD,
>> -		 "key_cont_128:\n %x:%x:%x:%x:%x:%x\n",
>> -		 key_cont_128[0], key_cont_128[1],
>> -		 key_cont_128[2], key_cont_128[3],
>> -		 key_cont_128[4], key_cont_128[5]);
>> +	RT_TRACE(rtlpriv, COMP_SEC, DBG_LOUD, "key_cont_128: %*ph\n",
>> +			6, key_cont_128);
>>
>>   	for (entry_i = 0; entry_i < CAM_CONTENT_COUNT; entry_i++) {
>>   		target_command = entry_i + CAM_CONTENT_COUNT * entry_no;
>> diff --git a/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c b/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
>> index 86d73b3..932780d 100644
>> --- a/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
>> +++ b/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
>> @@ -1918,10 +1918,8 @@ static void rtl92ce_update_hal_rate_mask(struct ieee80211_hw *hw,
>>   				     (ratr_index << 28);
>>   	rate_mask[4] = macid | (shortgi ? 0x20 : 0x00) | 0x80;
>>   	RT_TRACE(rtlpriv, COMP_RATR, DBG_DMESG,
>> -		 "Rate_index:%x, ratr_val:%x, %x:%x:%x:%x:%x\n",
>> -		 ratr_index, ratr_bitmap,
>> -		 rate_mask[0], rate_mask[1], rate_mask[2], rate_mask[3],
>> -		 rate_mask[4]);
>> +		 "Rate_index:%x, ratr_val:%x, %*phC\n",
>> +		 ratr_index, ratr_bitmap, 5, rate_mask);
>>   	rtl92c_fill_h2c_cmd(hw, H2C_RA_MASK, 5, rate_mask);
>>
>>   	if (macid != 0)
>> diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/hw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/hw.c
>> index 4bbb711..7554501 100644
>> --- a/drivers/net/wireless/rtlwifi/rtl8192cu/hw.c
>> +++ b/drivers/net/wireless/rtlwifi/rtl8192cu/hw.c
>> @@ -2169,10 +2169,8 @@ void rtl92cu_update_hal_rate_mask(struct ieee80211_hw *hw, u8 rssi_level)
>>   				      ratr_index << 28);
>>   	rate_mask[4] = macid | (shortgi ? 0x20 : 0x00) | 0x80;
>>   	RT_TRACE(rtlpriv, COMP_RATR, DBG_DMESG,
>> -		 "Rate_index:%x, ratr_val:%x, %x:%x:%x:%x:%x\n",
>> -		 ratr_index, ratr_bitmap,
>> -		 rate_mask[0], rate_mask[1], rate_mask[2], rate_mask[3],
>> -		 rate_mask[4]);
>> +		 "Rate_index:%x, ratr_val:%x, %*phC\n",
>> +		 ratr_index, ratr_bitmap, 5, rate_mask);
>>   	rtl92c_fill_h2c_cmd(hw, H2C_RA_MASK, 5, rate_mask);
>>   }
>>
>
> rate_mask uses:
>
> 	u32 ratr_bitmap = (u32) mac->basic_rates;
> ...
> 	u8 rate_mask[5];
> ...
> 	[sets ratr_bitmap as u32]
> ...
> 	*(u32 *)&rate_mask = ((ratr_bitmap & 0x0fffffff) |
> 				      ratr_index << 28);
> ...
> 	rtl92c_fill_h2c_cmd(hw, H2C_RA_MASK, 5, rate_mask);
>
> Looks like a possible endian misuse to me.

After a second look at the code, I don't think this is an endian issue; however, 
I am proposing the following changes to remove any doubt:

Index: wireless-testing-new/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
===================================================================
--- wireless-testing-new.orig/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
+++ wireless-testing-new/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c
@@ -1964,8 +1965,9 @@ static void rtl92ce_update_hal_rate_mask

         RT_TRACE(rtlpriv, COMP_RATR, DBG_DMESG,
                  "ratr_bitmap :%x\n", ratr_bitmap);
-       *(u32 *)&rate_mask = (ratr_bitmap & 0x0fffffff) |
-                                    (ratr_index << 28);
+       for (i = 0; i < 3; i++)
+               rate_mask[i] = ratr_bitmap & (0xff << (i * 4));
+       rate_mask[3] = (ratr_bitmap & 0x0f000000) | (ratr_index << 28);
         rate_mask[4] = macid | (shortgi ? 0x20 : 0x00) | 0x80;
         RT_TRACE(rtlpriv, COMP_RATR, DBG_DMESG,
                  "Rate_index:%x, ratr_val:%x, %*phC\n",

The downstream routine uses this info as an array of u8, thus it is OK. A proper 
patch will be sent later. At least we avoid that ugly cast.

Larry


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ