lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 20 Oct 2020 00:47:01 +0200
From:   "Maciej S. Szmigiero" <mail@...iej.szmigiero.name>
To:     Jia-Ju Bai <baijiaju1990@...il.com>
Cc:     kvalo@...eaurora.org, davem@...emloft.net, kuba@...nel.org,
        vaibhavgupta40@...il.com, christophe.jaillet@...adoo.fr,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rtl8180: avoid accessing the data mapped to streaming DMA

On 19.10.2020 04:54, Jia-Ju Bai wrote:
> In rtl8180_tx(), skb->data is mapped to streaming DMA on line 476:
>   mapping = dma_map_single(..., skb->data, ...);
> 
> On line 459, skb->data is assigned to hdr after cast:
>   struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
> 
> Then hdr->seq_ctrl is accessed on lines 540 and 541:
>   hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
>   hdr->seq_ctrl |= cpu_to_le16(priv->seqno);
> 
> These DMA accesses may cause data inconsistency between CPU and hardwre.
> 
> To fix this problem, hdr->seq_ctrl is accessed before the DMA mapping.
> 

This looks like a bug fix to me, shouldn't this have a Fixes: tag and
be CC'ed to stable@?

Maciej

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ