Search Linux Wireless

Re: [PATCH] iwlwifi: actually check allocated conf_tlv pointer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Apr 5, 2020 at 11:14 AM Kalle Valo <kvalo@xxxxxxxxxxxxxx> wrote:
>
> Luca Coelho <luca@xxxxxxxxx> writes:
>
> > On Sun, 2020-04-05 at 11:44 +0300, Kalle Valo wrote:
> >> Chris Rorvick <chris@xxxxxxxxxxx> writes:
> >>
> >> > Commit 71bc0334a637 ("iwlwifi: check allocated pointer when allocating
> >> > conf_tlvs") attempted to fix a typoe introduced by commit 17b809c9b22e
> >> > ("iwlwifi: dbg: move debug data to a struct") but does not implement the
> >> > check correctly.
> >> >
> >> > Tweeted-by: @grsecurity
> >> > Signed-off-by: Chris Rorvick <chris@xxxxxxxxxxx>
> >>
> >> I'll add:
> >>
> >> Fixes: 71bc0334a637 ("iwlwifi: check allocated pointer when allocating conf_tlvs")
> >>
> >> > ---
> >> > In this wasn't picked up?
> >>
> >> Luca, can I take this directly?
> >
> > Yes, please take it directly.
>
> Ok, assigned it to me in patchwork.
>
> > This can happen in OOM situations and, when it does, we will
> > potentially try to dereference a NULL pointer.
>
> I'll add this to the commit log.
>

Hi,

Friendly ping.

Any progress on this?

This patch seems not have landed in Linux v5.7-rc1.

$ head -5 Makefile
# SPDX-License-Identifier: GPL-2.0
VERSION = 5
PATCHLEVEL = 7
SUBLEVEL = 0
EXTRAVERSION = -rc1

$ LC_ALL=C git apply --check --verbose
../patches/iwlwifi-fixes-5.6/iwlwifi-actually-check-allocated-conf_tlv-pointer-v2-dileks.patch
Checking patch drivers/net/wireless/intel/iwlwifi/iwl-drv.c...

I have attached my v2 which I have tested on top of Linux v5.6.3.

Feel free to add my...

Tested-by: Sedat Dilek <sedat.dilek@xxxxxxxxx>

Regards,
- Sedat -
From patchwork Thu Apr  2 05:02:19 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chris Rorvick <chris@xxxxxxxxxxx>
X-Patchwork-Id: 11470125
X-Patchwork-Delegate: kvalo@xxxxxxxxxx
Return-Path: <SRS0=piom=5S=vger.kernel.org=linux-wireless-owner@xxxxxxxxxx>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4918115AB
	for <patchwork-linux-wireless@xxxxxxxxxxxxxxxxxxxx>;
 Thu,  2 Apr 2020 05:40:22 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 26CF720784
	for <patchwork-linux-wireless@xxxxxxxxxxxxxxxxxxxx>;
 Thu,  2 Apr 2020 05:40:22 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=gmail.com header.i=@gmail.com header.b="oGgRiCyG"
Received: (majordomo@xxxxxxxxxxxxxxx) by vger.kernel.org via listexpand
        id S1727746AbgDBFkR (ORCPT
        <rfc822;patchwork-linux-wireless@xxxxxxxxxxxxxxxxxxxx>);
        Thu, 2 Apr 2020 01:40:17 -0400
Received: from mail-qk1-f193.google.com ([209.85.222.193]:34234 "EHLO
        mail-qk1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726201AbgDBFkR (ORCPT
        <rfc822;linux-wireless@xxxxxxxxxxxxxxx>);
        Thu, 2 Apr 2020 01:40:17 -0400
Received: by mail-qk1-f193.google.com with SMTP id i6so2814149qke.1;
        Wed, 01 Apr 2020 22:40:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=Hj9hqNcME2oIKIw+5Vx3xGDXGbaFZ4ovP+thufGAVmU=;
        b=oGgRiCyGM1NttzIOzX4lwfWaLVWlVNJVxi3p2J32f8r5BrPNarW8vx/Yl6iLZg5HU/
         y1n7ZlChgcMzf6CBkZqbMoDBLXJcQzKXki+ZUF7JoXFN4UXXS8qJ4XMG1Dy5hJIP3D2q
         PxIWu5Jz96mjpP+jTJdf8y6ohWWqVQYGRE+1Buh1xTTha5aNmdttUQo7vhVy+mQC//Xs
         LEuGp+m+fJGeAswwrLaJzN9iuSErM4LRexHOGPl21AVS1fxbUL0yQWNG/9NYEI/wx1B6
         sLOCt5cU4xBWmc99Zmu9lpWLpu4MQRIbmJsSeB8vI+u6Zhyi9W1GAygUEPh5rP6Dw1iu
         YEvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
         :mime-version:content-transfer-encoding;
        bh=Hj9hqNcME2oIKIw+5Vx3xGDXGbaFZ4ovP+thufGAVmU=;
        b=Smif+8RHLKd1nWQ1GDTERfSIhNR7k4Z7JHxwVtF7WlQghN6KbKR3gkPWuGkSbacT3/
         4DYz127WT4bSInQrSv+qtk+X12RjcBiMlovv5pHNelKD6i1a1aP9xZFo0LTwT860HKx1
         y6qxIHvObx/GheS4j0u3ogus0uNzEvTnlIptNQhA3ifwvQNbDh8CuJWaeQVvNB29si1v
         7kNV8ivhLPLpGA99IAjgA08wgROQD68QC/SpEahxG2LzEG0dITRMUeFoHAq/5YYBuBy5
         8OxEfsR0G3SqdqLYl8qnuRFFpixh++N2XKpDhqP23Y25U3UZfVRYixxpVTGCqJhqxKWQ
         FEQA==
X-Gm-Message-State: AGi0PubsIirzpTp/gtfpoocLpGEqUHWZ6H4oC2JT+fOsEwWJEP7mCPKO
        GpUyv8R62QuZ9JFioWVUj+u9Yktv
X-Google-Smtp-Source: 
 APiQypKYQzwTCauSCZsNzFwP7pSAbf43FjGqHiBn/lCnEhAbO+zIU1RyY8RLX9MuztxrJHSKsfzyeg==
X-Received: by 2002:a37:4c4d:: with SMTP id z74mr1842987qka.53.1585806015666;
        Wed, 01 Apr 2020 22:40:15 -0700 (PDT)
Received: from localhost (c-73-74-7-9.hsd1.il.comcast.net. [73.74.7.9])
        by smtp.gmail.com with ESMTPSA id
 t140sm2911459qke.48.2020.04.01.22.40.13
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 01 Apr 2020 22:40:14 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
        by localhost (8.15.2/8.14.9) with ESMTP id 0325eAOc005904;
        Thu, 2 Apr 2020 00:40:12 -0500
Received: (from chris@localhost)
        by localhost (8.15.2/8.15.2/Submit) id 03254KY3004887;
        Thu, 2 Apr 2020 00:04:20 -0500
From: Chris Rorvick <chris@xxxxxxxxxxx>
To: linux-wireless@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx,
        linux-kernel@xxxxxxxxxxxxxxx
Cc: Chris Rorvick <chris@xxxxxxxxxxx>,
        Johannes Berg <johannes.berg@xxxxxxxxx>,
        Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>,
        Luca Coelho <luciano.coelho@xxxxxxxxx>,
        Intel Linux Wireless <linuxwifi@xxxxxxxxx>,
        Kalle Valo <kvalo@xxxxxxxxxxxxxx>,
        "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: [PATCH] iwlwifi: actually check allocated conf_tlv pointer
Date: Thu,  2 Apr 2020 00:02:19 -0500
Message-Id: <20200402050219.4842-1-chris@xxxxxxxxxxx>
X-Mailer: git-send-email 2.25.0
MIME-Version: 1.0
Sender: linux-wireless-owner@xxxxxxxxxxxxxxx
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@xxxxxxxxxxxxxxx

Commit 71bc0334a637 ("iwlwifi: check allocated pointer when allocating
conf_tlvs") attempted to fix a typoe introduced by commit 17b809c9b22e
("iwlwifi: dbg: move debug data to a struct") but does not implement the
check correctly.

Fixes: 71bc0334a637 ("iwlwifi: check allocated pointer when allocating conf_tlvs")
Tweeted-by: @grsecurity
Signed-off-by: Chris Rorvick <chris@xxxxxxxxxxx>
---

[ v1->v2:
  - Fix typo s/fw.dbg_conf_tlv/fw.dbg.conf_tlv
  - Add Fixes tag as suggested by Kalle
-dileks ]

 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
index ff52e69c1c80..a37f330e7bd4 100644
--- a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
@@ -1465,11 +1465,11 @@ static void iwl_req_fw_callback(const struct firmware *ucode_raw, void *context)
 		if (pieces->dbg_conf_tlv[i]) {
 			drv->fw.dbg.conf_tlv[i] =
 				kmemdup(pieces->dbg_conf_tlv[i],
 					pieces->dbg_conf_tlv_len[i],
 					GFP_KERNEL);
-			if (!pieces->dbg_conf_tlv[i])
+			if (!drv->fw.dbg.conf_tlv[i])
 				goto out_free_fw;
 		}
 	}
 
 	memset(&trigger_tlv_sz, 0xff, sizeof(trigger_tlv_sz));

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux