lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <45617c4f-60b9-2587-5e29-6330ba2f40a6@broadcom.com>
Date:   Mon, 22 Aug 2016 21:38:23 +0200
From:   Arend Van Spriel <arend.vanspriel@...adcom.com>
To:     Nicolas Iooss <nicolas.iooss_linux@....org>,
        Franky Lin <franky.lin@...adcom.com>,
        Hante Meuleman <hante.meuleman@...adcom.com>,
        linux-wireless@...r.kernel.org, brcm80211-dev-list.pdl@...adcom.com
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] brcmfmac: fix pmksa->bssid usage

On 22-8-2016 15:03, Nicolas Iooss wrote:
> Hello,
> 
> After I sent the following patch a few weeks ago, I have not received
> any feedback. Could you please review it and tell me what I may have
> done wrong?

Nothing. People went on vacation :-)
> Thanks,
> Nicolas
> 
> On 05/08/16 22:34, Nicolas Iooss wrote:
>> The struct cfg80211_pmksa defines its bssid field as:
>>
>>     const u8 *bssid;
>>
>> contrary to struct brcmf_pmksa, which uses:
>>
>>     u8 bssid[ETH_ALEN];
>>
>> Therefore in brcmf_cfg80211_del_pmksa(), &pmksa->bssid takes the address
>> of this field (of type u8**), not the one of its content (which would be
>> u8*).  Remove the & operator to make brcmf_dbg("%pM") and memcmp()
>> behave as expected.
>>
>> This bug have been found using a custom static checker (which checks the
>> usage of %p... attributes at build time).  It has been introduced in
>> commit 6c404f34f2bd ("brcmfmac: Cleanup pmksa cache handling code"),
>> which replaced pmksa->bssid by &pmksa->bssid while refactoring the code,
>> without modifying struct cfg80211_pmksa definition.
>>
>> Fixes: 6c404f34f2bd ("brcmfmac: Cleanup pmksa cache handling code")
>> Cc: stable@....kernel.org

Ah, so you did something wrong after all :-p. The email address should
be 'stable@...r.kernel.org'.

>> Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@....org>
>> ---
>>
>> scripts/checkpatch.pl reports a warning: "Prefer ether_addr_equal() or
>> ether_addr_equal_unaligned() over memcmp()".  Because some files in
>> drivers/net/wireless/broadcom/brcm80211/brcmfmac/ still use memcmp()
>> to compare addresses and because I do not know whether pmksa->bssid is
>> always aligned, I did not follow this warning.

As most of this is done in slow path, I prefer memcmp() as I do not want
to check alignment for minimal performance gain.

>>  drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> index 2628d5e12c64..aceab77cd95a 100644
>> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>> @@ -3884,11 +3884,11 @@ brcmf_cfg80211_del_pmksa(struct wiphy *wiphy, struct net_device *ndev,
>>  	if (!check_vif_up(ifp->vif))
>>  		return -EIO;
>>  
>> -	brcmf_dbg(CONN, "del_pmksa - PMK bssid = %pM\n", &pmksa->bssid);
>> +	brcmf_dbg(CONN, "del_pmksa - PMK bssid = %pM\n", pmksa->bssid);
>>  
>>  	npmk = le32_to_cpu(cfg->pmk_list.npmk);
>>  	for (i = 0; i < npmk; i++)
>> -		if (!memcmp(&pmksa->bssid, &pmk[i].bssid, ETH_ALEN))
>> +		if (!memcmp(pmksa->bssid, &pmk[i].bssid, ETH_ALEN))

I find '&pmk[i].bssid' confusing so maybe you could change it to
'&pmk[i].bssid[0]' or 'pmk[i].bssid' as I think these two are
essentially the same.

Regards,
Arend

>>  			break;
>>  
>>  	if ((npmk > 0) && (i < npmk)) {
>>
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ