Re: [PATCH v2] rtw_security: fix cast to restricted __le32

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Al Viro <viro@zeniv.linux.org.uk>
To: Jhih Ming Huang <fbihjmeric@gmail.com>
Cc: Greg KH <gregkh@linuxfoundation.org>,
	fabioaiuto83@gmail.com, ross.schm.dev@gmail.com,
	maqianga@uniontech.com, marcocesati@gmail.com,
	linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] rtw_security: fix cast to restricted __le32
Date: Mon, 14 Jun 2021 17:03:40 +0000	[thread overview]
Message-ID: <YMeL7PjstV601pbN@zeniv-ca.linux.org.uk> (raw)
In-Reply-To: <CAKgboZ9P2afm7-eOE3COrKVDkFZ_g288KfJAyQiwzC6fN75VmA@mail.gmail.com>

On Mon, Jun 14, 2021 at 11:27:03PM +0800, Jhih Ming Huang wrote:

> Thanks for your explanation.
> 
> To clarify, even though it might be false positives in some senses,
> following "hold the variable native-endian and check the conversion
> done correctly"
> is much easier than the other way. And it's exactly the current implementation.
> 
> So it's better to keep the current implementation and ignore the
> warnings, right?

Umm...  If that's the case, the warnings should go away if you use
cpu_to_le32() for conversions from native to l-e and le32_to_cpu()
for conversions from l-e to native.

IOW, the choice between those should annotate what's going on.

In your case doing
	*((u32 *)crc) = le32_to_cpu((__force __le32)~crc32_le(~0, payload, length - 4));
is wrong - you have
crc32_le(...) native-endian
~crc32_le(...) - ditto
le32_to_cpu(~crc32_le(...)) - byteswapped native-endian on b-e, unchanged on
l-e.  So result will be little-endian representation of ~crc32(...) in all
cases.  IOW, it's cpu_to_le32(~crc32_le(...)), misannotated as native-endian
instead of little-endian it actually is.

Then you store that value (actually __le32) into *(u32 *)crc.  Seeing that
crc is u8[4] there, that *(u32 *) is misleading - you are actually storing
__le32 there (and, AFAICS, doing noting with the result).  The same story
in rtw_tkip_decrypt(), only there you do use the result later.

So just make it __le32 crc and
	crc = cpu_to_le32(~crc32_le(~0, payload, length - 4));
with
			if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
			    crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
turned into
			if (memcmp(&crc, payload + length - 4, 4) != 0)
(or (crc != get_unaligned((__le32 *)(payload + length - 4))),
for that matter, to document what's going on and let the damn thing
pick the optimal implementation for given architecture).

Incidentally, your secmicgetuint32() is simply get_unaligned_le32()
and secmicputuint32() - put_unaligned_le32().  No need to reinvent
that wheel...

next prev parent reply	other threads:[~2021-06-14 17:03 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-13 12:28 [PATCH v2] rtw_security: fix cast to restricted __le32 Jhih-Ming Huang
2021-06-13 12:34 ` Greg KH
2021-06-13 16:40   ` Jhih Ming Huang
2021-06-14 14:14     ` Al Viro
2021-06-14 15:27       ` Jhih Ming Huang
2021-06-14 17:03         ` Al Viro [this message]
2021-06-18 18:17           ` [PATCH v3] " Jhih-Ming Huang
2021-06-18 19:29             ` Al Viro
2021-06-19  7:52               ` [PATCH v4] " Jhih-Ming Huang
2021-06-21  8:19                 ` [PATCH v5] " Jhih-Ming Huang
2021-06-21 15:48                   ` [PATCH v6] " Jhih-Ming Huang
2021-06-21 15:51                   ` [PATCH v5] " Jhih-Ming Huang
2021-06-22  9:31                   ` David Laight
2021-07-04 10:31                     ` [PATCH v7] " Jhih-Ming Huang
2021-07-04 19:05                       ` Greg KH
2021-08-01 15:51                         ` Jhih-Ming Huang
2021-08-05 11:17                           ` Greg KH
2021-06-19  9:20               ` [PATCH v3] " Jhih-Ming Huang
2021-06-18 18:28           ` [PATCH v2] " Jhih Ming Huang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YMeL7PjstV601pbN@zeniv-ca.linux.org.uk \
    --to=viro@zeniv.linux.org.uk \
    --cc=fabioaiuto83@gmail.com \
    --cc=fbihjmeric@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-staging@lists.linux.dev \
    --cc=maqianga@uniontech.com \
    --cc=marcocesati@gmail.com \
    --cc=ross.schm.dev@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.