
Re: [PATCH] ath10k: fix recent bandwidth conversion bug


 



Rafał Miłecki <zajec5@xxxxxxxxx> writes:

> On 14 December 2017 at 14:21, Kalle Valo <kvalo@xxxxxxxxxxxxxxxx> wrote:
>> Christian Lamparter <chunkeey@xxxxxxxxx> writes:
>>
>>> On Monday, November 20, 2017 11:57:21 AM CET Kalle Valo wrote:
>>>> Christian Lamparter <chunkeey@xxxxxxxxx> writes:
>>>>
>>>> > On Wednesday, November 1, 2017 9:37:53 PM CET Sebastian Gottschall wrote:
>>>> >> an additional array bounds check would be good
>>>> >
>>>> > Ah, about that:
>>>> >
>>>> > the bw variable in ath10k_htt_rx_h_rates() is extracted from info2
>>>> > in the following way [0]:
>>>> > |  bw = info2 & 3;
>>>> >
>>>> > the txrate.bw variable in ath10k_update_per_peer_tx_stats() is set by [1]:
>>>> > |  txrate.bw = ATH10K_HW_BW(peer_stats->flags);
>>>> >
>>>> > ATH10K_HW_BW is a macro defined as [2]:
>>>> > |  #define ATH10K_HW_BW(flags)             (((flags) >> 3) & 0x3)
>>>> >
>>>> > In both cases the bandwidth values already are limited to 0-3 by
>>>> > the "and 3" operation.
>>>>
>>>> Until someone changes that part of the code (and the firmware
>>>> interface). IMHO a switch is safer as there we don't have any risk of
>>>> out of bounds access.
>>>
>>> The kbuild-bot/CI can catch this too.
>>>
>>> For example, it will look like this:
>>> drivers/net/wireless/ath/ath10k//htt_rx.c:710:52: warning: invalid
>>> access past the end of 'ath10k_bw_to_mac80211' (4 4)
>>
>> Sure, but after reading about all these security vulnerabilities I have
>> become even more cautious and try to avoid all tricky stuff.
>>
>>> BTW:
>>> Have you noticed:
>>>
>>> <https://github.com/lede-project/source/blob/master/package/kernel/mac80211/patches/319-ath10k-fix-recent-bandwidth-conversion-bug.patch>
>>>
>>> Is this really your signed-off-by or not?
>>
>> I suspect that patch is taken from my pending branch.
>>
>>> In any case, you - as the maintainer - can modify the patch as
>>> you see fit. So, please do so.
>>
>> Ok, we'll send v2.
>
> Hi Kalle,
>
> I'm trying to figure out the fate of that LEDE's patch. I don't think
> you ever sent V2.
>
> Is that fix still needed? Are you planning to send V2?

Anil now sent v2 (he just forgot to mark it as such):

https://patchwork.kernel.org/patch/10273445/

Thanks for the reminder.

-- 
Kalle Valo
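
The options weighed in the quoted discussion (a masked table index, an extra bounds check, a switch), as an added example that is not code from the patch or from the ath10k driver. Only the ATH10K_HW_BW macro is taken from the thread; the enum, the table contents, the `demo_*` names and the 20 MHz fallback are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Macro exactly as quoted in the thread. */
#define ATH10K_HW_BW(flags)             (((flags) >> 3) & 0x3)
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Stand-in for the mac80211 bandwidth enum (names and order are assumptions). */
enum demo_bw { DEMO_BW_20, DEMO_BW_40, DEMO_BW_80, DEMO_BW_160 };

/* Hypothetical 4-entry table, the same size as the one in the quoted warning. */
static const enum demo_bw demo_bw_table[] = {
    DEMO_BW_20, DEMO_BW_40, DEMO_BW_80, DEMO_BW_160,
};

/* Build breaks if the macro's mask ever yields more values than the table holds. */
_Static_assert(ATH10K_HW_BW(~0u) < ARRAY_LEN(demo_bw_table),
               "bandwidth mask can index past the table");

/* Table lookup with a runtime bounds check; the 20 MHz fallback is an assumption. */
static enum demo_bw demo_bw_lookup_checked(uint8_t bw)
{
    if (bw >= ARRAY_LEN(demo_bw_table))
        return DEMO_BW_20;
    return demo_bw_table[bw];
}

/* Switch form: there is no array, so an unexpected value cannot become an index. */
static enum demo_bw demo_bw_switch(uint8_t bw)
{
    switch (bw) {
    case 0: return DEMO_BW_20;
    case 1: return DEMO_BW_40;
    case 2: return DEMO_BW_80;
    case 3: return DEMO_BW_160;
    default: return DEMO_BW_20;
    }
}

/* Returns 1 if both forms agree for every possible 8-bit input, else 0. */
static int demo_variants_agree(void)
{
    for (unsigned int v = 0; v <= UINT8_MAX; v++)
        if (demo_bw_lookup_checked((uint8_t)v) != demo_bw_switch((uint8_t)v))
            return 0;
    return 1;
}

int main(void) { return demo_variants_agree() ? 0 : 1; }
```

The static assertion covers the case raised in the thread where the mask is later widened: the build fails instead of the lookup reading past the table.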



