From: Greg KH <gregkh@linuxfoundation.org>
To: Edward Adam Davis <eadavis@qq.com>
Cc: syzbot+92c6dd14aaa230be6855@syzkaller.appspotmail.com,
kvalo@kernel.org, linux-kernel@vger.kernel.org,
linux-usb@vger.kernel.org, linux-wireless@vger.kernel.org,
netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH] wifi: ath6kl: Check that the read operation returns a data length of 0
Date: Sun, 25 Aug 2024 09:25:37 +0200 [thread overview]
Message-ID: <2024082507-clay-riveting-16f3@gregkh> (raw)
In-Reply-To: <tencent_8D19734F828DA6A5938DF1122F5DDC5DBC07@qq.com>
On Sun, Aug 25, 2024 at 03:10:03PM +0800, Edward Adam Davis wrote:
> If the data length returned by the device is 0, the read operation
> should be considered a failure.
>
> Reported-and-tested-by: syzbot+92c6dd14aaa230be6855@syzkaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
> ---
> drivers/net/wireless/ath/ath6kl/usb.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/net/wireless/ath/ath6kl/usb.c b/drivers/net/wireless/ath/ath6kl/usb.c
> index 5220809841a6..2a89bab81b24 100644
> --- a/drivers/net/wireless/ath/ath6kl/usb.c
> +++ b/drivers/net/wireless/ath/ath6kl/usb.c
> @@ -1034,6 +1034,9 @@ static int ath6kl_usb_bmi_read(struct ath6kl *ar, u8 *buf, u32 len)
> ath6kl_err("Unable to read the bmi data from the device: %d\n",
> ret);
> return ret;
> + } else {
> + ath6kl_err("Actual read the bmi data length is 0 from the device\n");
> + return -EIO;
Close, but not quite there. ath6kl_usb_submit_ctrl_in() needs to verify
that the actual amount of data was read that was asked for. If a short
read happens (or a long one), then an error needs to propagate out, not
just 0. See the "note:" line in that function for what needs to be
properly checked.
hope this helps,
greg k-h
next prev parent reply other threads:[~2024-08-25 7:25 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-01 6:11 [syzbot] [wireless?] [usb?] WARNING in ath6kl_bmi_get_target_info (2) syzbot
2024-08-25 4:29 ` Edward Adam Davis
2024-08-25 4:57 ` syzbot
2024-08-25 7:10 ` [PATCH] wifi: ath6kl: Check that the read operation returns a data length of 0 Edward Adam Davis
2024-08-25 7:25 ` Greg KH [this message]
2024-08-25 8:14 ` Edward Adam Davis
2024-08-25 8:34 ` Greg KH
2024-08-25 10:09 ` Edward Adam Davis
2024-08-25 11:25 ` Greg KH
2024-08-25 14:03 ` Edward Adam Davis
2024-08-25 14:21 ` [PATCH V2] wifi: ath6kl: Replace ath6kl_usb_submit_ctrl_in with usb_control_msg_recv Edward Adam Davis
2024-08-25 14:50 ` Sergei Shtylyov
2024-08-25 15:07 ` Sergei Shtylyov
2024-08-26 5:04 ` Greg KH
2024-08-26 11:12 ` Edward Adam Davis
2024-08-26 11:19 ` [PATCH V3] " Edward Adam Davis
2024-08-26 11:25 ` Greg KH
2024-08-26 11:26 ` Greg KH
2024-08-26 12:29 ` [PATCH V4 1/2] " Edward Adam Davis
2024-08-26 13:12 ` Greg KH
2024-08-26 13:12 ` Greg KH
[not found] ` <20240826122955.2674569-3-eadavis@qq.com>
2024-08-26 12:29 ` [PATCH V4 2/2] wifi: ath6kl: remove ath6kl_usb_submit_ctrl_in Edward Adam Davis
2024-08-26 13:13 ` Greg KH
2024-08-26 13:44 ` [PATCH V5 1/2] wifi: ath6kl: Replace ath6kl_usb_submit_ctrl_in with usb_control_msg_recv Edward Adam Davis
[not found] ` <20240826134418.2744882-3-eadavis@qq.com>
2024-08-26 13:44 ` [PATCH V5 2/2] wifi: ath6kl: remove ath6kl_usb_submit_ctrl_in Edward Adam Davis
2024-08-26 13:01 ` [PATCH V4 1/2] wifi: ath6kl: Replace ath6kl_usb_submit_ctrl_in with usb_control_msg_recv Edward Adam Davis
[not found] ` <20240826130154.2706792-3-eadavis@qq.com>
2024-08-26 13:01 ` [PATCH V4 2/2] wifi: ath6kl: remove ath6kl_usb_submit_ctrl_in Edward Adam Davis
2024-08-26 11:42 ` [PATCH V2] wifi: ath6kl: Replace ath6kl_usb_submit_ctrl_in with usb_control_msg_recv Kalle Valo
2024-08-26 13:06 ` Edward Adam Davis
2024-08-26 15:01 ` Kalle Valo
2024-08-26 22:51 ` [PATCH V6 1/2] " Edward Adam Davis
[not found] ` <20240826225107.2817092-3-eadavis@qq.com>
2024-08-26 22:51 ` [PATCH V6 2/2] wifi: ath6kl: remove ath6kl_usb_submit_ctrl_in Edward Adam Davis
2025-06-17 9:45 ` [syzbot] [PATCH wireless] wifi: ath6kl: remove WARN on bad firmware input syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024082507-clay-riveting-16f3@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=eadavis@qq.com \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=syzbot+92c6dd14aaa230be6855@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.