Re: [PATCH] staging: wfx: fix potential vulnerability to spectre
On Fri, Oct 11, 2019 at 12:35:36PM +, Jerome Pouiller wrote:
> On Friday 11 October 2019 14:10:35 CEST Greg Kroah-Hartman wrote:
> > On Fri, Oct 11, 2019 at 10:15:54AM +, Jerome Pouiller wrote:
> > > From: Jérôme Pouiller
> > >
> > > array_index_nospec() should be applied after a bound check.
> > >
> > > Fixes: 9bca45f3d6924f19f29c0d019e961af3f41bdc9e ("staging: wfx: allow to
> > > send 802.11 frames")
> >
> > No need for the full sha1, this should be:
> > Fixes: 9bca45f3d692 ("staging: wfx: allow to send 802.11 frames")
>
> I copy-pasted information from kbuild robot notification.
>
> I suggest that commit-id in robot notification is also cut down to 12
> characters. Or even better, to use this snippet:
>
> If you fix the issue, kindly add following tag
> Reported-by: kbuild test robot
> Fixes: 9bca45f3d692 ("staging: wfx: allow to send 802.11 frames")
>
> (I added l...@lists.01.org in CC but, I am not sure it is the correct
> ML. I am sorry if it is not the case)
tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
staging-testing
head: d49d1c76b96ebf39539e93d5ab7943a01ef70e4f
commit: 9bca45f3d6924f19f29c0d019e961af3f41bdc9e [55/111] staging: wfx: allow
to send 802.11 frames
If you cut and paste then you the "[55/111] " text isn't right either.
Also kbuild works on rebase-able trees as well as non-rebase/published
trees so the hash could change as well.
I am a little bit surprised that checkpatch.pl doesn't complain about
this, though. You could consider adding that?
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
Re: [PATCH] staging: wfx: fix potential vulnerability to spectre
On Friday 11 October 2019 14:10:35 CEST Greg Kroah-Hartman wrote:
> On Fri, Oct 11, 2019 at 10:15:54AM +, Jerome Pouiller wrote:
> > From: Jérôme Pouiller
> >
> > array_index_nospec() should be applied after a bound check.
> >
> > Fixes: 9bca45f3d6924f19f29c0d019e961af3f41bdc9e ("staging: wfx: allow to
> > send 802.11 frames")
>
> No need for the full sha1, this should be:
> Fixes: 9bca45f3d692 ("staging: wfx: allow to send 802.11 frames")
I copy-pasted information from kbuild robot notification.
I suggest that commit-id in robot notification is also cut down to 12
characters. Or even better, to use this snippet:
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot
Fixes: 9bca45f3d692 ("staging: wfx: allow to send 802.11 frames")
(I added l...@lists.01.org in CC but, I am not sure it is the correct
ML. I am sorry if it is not the case)
--
Jérôme Pouiller
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
Re: [PATCH] staging: wfx: fix potential vulnerability to spectre
On Fri, Oct 11, 2019 at 10:15:54AM +, Jerome Pouiller wrote:
> From: Jérôme Pouiller
>
> array_index_nospec() should be applied after a bound check.
>
> Fixes: 9bca45f3d6924f19f29c0d019e961af3f41bdc9e ("staging: wfx: allow to send
> 802.11 frames")
No need for the full sha1, this should be:
Fixes: 9bca45f3d692 ("staging: wfx: allow to send 802.11 frames")
The command:
git show -s --abbrev-commit --abbrev=12 --pretty=format:"%h (\"%s\")%n"
will provide it in the correct format.
Can you fix this up and resend?
thanks,
greg k-h
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
[PATCH] staging: wfx: fix potential vulnerability to spectre
From: Jérôme Pouiller
array_index_nospec() should be applied after a bound check.
Fixes: 9bca45f3d6924f19f29c0d019e961af3f41bdc9e ("staging: wfx: allow to send
802.11 frames")
Reported-by: kbuild test robot
Reported-by: Dan Carpenter
Signed-off-by: Jérôme Pouiller
---
drivers/staging/wfx/wfx.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/staging/wfx/wfx.h b/drivers/staging/wfx/wfx.h
index 489836837b0a..4c0f2836015c 100644
--- a/drivers/staging/wfx/wfx.h
+++ b/drivers/staging/wfx/wfx.h
@@ -138,6 +138,7 @@ static inline struct wfx_vif *wdev_to_wvif(struct wfx_dev
*wdev, int vif_id)
dev_dbg(wdev->dev, "requesting non-existent vif: %d\n", vif_id);
return NULL;
}
+ vif_id = array_index_nospec(vif_id, ARRAY_SIZE(wdev->vif));
if (!wdev->vif[vif_id]) {
dev_dbg(wdev->dev, "requesting non-allocated vif: %d\n",
vif_id);
return NULL;
--
2.20.1
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
