lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 7 Nov 2022 15:44:55 +0100
From:   Marek Vasut <marex@...x.de>
To:     Kalle Valo <kvalo@...nel.org>
Cc:     linux-wireless@...r.kernel.org, Angus Ainslie <angus@...ea.ca>,
        Jakub Kicinski <kuba@...nel.org>,
        Johannes Berg <johannes@...solutions.net>,
        Martin Fuzzey <martin.fuzzey@...wbird.group>,
        Martin Kepplinger <martink@...teo.de>,
        Prameela Rani Garnepudi <prameela.j04cs@...il.com>,
        Sebastian Krzyszkowiak <sebastian.krzyszkowiak@...i.sm>,
        Siva Rebbagondla <siva8118@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH v5] wifi: rsi: Fix handling of 802.3 EAPOL frames sent via
 control port

On 11/7/22 14:54, Kalle Valo wrote:
> Marek Vasut <marex@...x.de> writes:
> 
>>> BTW did you test this on a real device?
>>
>> Yes, SDIO RS9116 on next-20221104 and 5.10.153 .
> 
> Very good, thanks.
> 
>> What prompts this question ?
> 
> I get too much "fixes" which have been nowhere near real hardware and
> can break the driver instead of fixing anything, especially syzbot
> patches have been notorious. So I have become cautious.

Ah, this is a real problem right here.

wpa-supplicant 2.9 from OE dunfell 3.1 works.
wpa-supplicant 2.10 from OE kirkstone 4.0 fails.

That's how I ran into this initially. My subsequent tests were with 
debian wpa-supplicant 2.9 and 2.10 packages, since that was easier, they 
(2.10 does, 2.9 does not) trigger the problem all the same.

I'm afraid this RSI driver is so poorly maintained and has so many bugs, 
that, there is little that can make it worse. The dealing I had with RSI 
has been ... long ... and very depressing. I tried to get documentation 
or anything which would help us fix the problems we have with this RSI 
driver ourselves, but RSI refused it all and suggested we instead use 
their downstream driver (I won't go into the quality of that). It seems 
RSI has little interest in maintaining the upstream driver, pity.

I've been tempted to flag this driver as BROKEN for a while, to prevent 
others from suffering with it. Until I send such a patch, you can expect 
real fixes coming from my end at least.

Powered by blists - more mailing lists