From: Jhih Ming Huang <fbihjmeric@gmail.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Greg KH <gregkh@linuxfoundation.org>,
fabioaiuto83@gmail.com, ross.schm.dev@gmail.com,
maqianga@uniontech.com, marcocesati@gmail.com,
linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] rtw_security: fix cast to restricted __le32
Date: Sat, 19 Jun 2021 02:28:48 +0800 [thread overview]
Message-ID: <CAKgboZ9NnN6FZ6XX5MhRk0T-TLvmPvsRWogSPuXu8m940mWNZg@mail.gmail.com> (raw)
In-Reply-To: <YMeL7PjstV601pbN@zeniv-ca.linux.org.uk>
On Tue, Jun 15, 2021 at 1:03 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Mon, Jun 14, 2021 at 11:27:03PM +0800, Jhih Ming Huang wrote:
>
> > Thanks for your explanation.
> >
> > To clarify, even though it might be false positives in some senses,
> > following "hold the variable native-endian and check the conversion
> > done correctly"
> > is much easier than the other way. And it's exactly the current implementation.
> >
> > So it's better to keep the current implementation and ignore the
> > warnings, right?
>
> Umm... If that's the case, the warnings should go away if you use
> cpu_to_le32() for conversions from native to l-e and le32_to_cpu()
> for conversions from l-e to native.
>
> IOW, the choice between those should annotate what's going on.
>
> In your case doing
> *((u32 *)crc) = le32_to_cpu((__force __le32)~crc32_le(~0, payload, length - 4));
> is wrong - you have
> crc32_le(...) native-endian
> ~crc32_le(...) - ditto
> le32_to_cpu(~crc32_le(...)) - byteswapped native-endian on b-e, unchanged on
> l-e. So result will be little-endian representation of ~crc32(...) in all
> cases. IOW, it's cpu_to_le32(~crc32_le(...)), misannotated as native-endian
> instead of little-endian it actually is.
>
> Then you store that value (actually __le32) into *(u32 *)crc. Seeing that
> crc is u8[4] there, that *(u32 *) is misleading - you are actually storing
> __le32 there (and, AFAICS, doing noting with the result). The same story
> in rtw_tkip_decrypt(), only there you do use the result later.
>
> So just make it __le32 crc and
> crc = cpu_to_le32(~crc32_le(~0, payload, length - 4));
> with
> if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
> crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
> turned into
> if (memcmp(&crc, payload + length - 4, 4) != 0)
> (or (crc != get_unaligned((__le32 *)(payload + length - 4))),
> for that matter, to document what's going on and let the damn thing
> pick the optimal implementation for given architecture).
>
> Incidentally, your secmicgetuint32() is simply get_unaligned_le32()
> and secmicputuint32() - put_unaligned_le32(). No need to reinvent
> that wheel...
>
Thanks for your comprehensive explanation.
I just sent the v3 PATCH, but I replied to this thread.
Should I create the other thread?
For the secmicgetuint32(), I am not the author of this function,
but you are right we should not reinvent the wheel.
Let's focus on sparse warning fixing in this commit.
thanks.
--jmhuang
prev parent reply other threads:[~2021-06-18 18:29 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-13 12:28 [PATCH v2] rtw_security: fix cast to restricted __le32 Jhih-Ming Huang
2021-06-13 12:34 ` Greg KH
2021-06-13 16:40 ` Jhih Ming Huang
2021-06-14 14:14 ` Al Viro
2021-06-14 15:27 ` Jhih Ming Huang
2021-06-14 17:03 ` Al Viro
2021-06-18 18:17 ` [PATCH v3] " Jhih-Ming Huang
2021-06-18 19:29 ` Al Viro
2021-06-19 7:52 ` [PATCH v4] " Jhih-Ming Huang
2021-06-21 8:19 ` [PATCH v5] " Jhih-Ming Huang
2021-06-21 15:48 ` [PATCH v6] " Jhih-Ming Huang
2021-06-21 15:51 ` [PATCH v5] " Jhih-Ming Huang
2021-06-22 9:31 ` David Laight
2021-07-04 10:31 ` [PATCH v7] " Jhih-Ming Huang
2021-07-04 19:05 ` Greg KH
2021-08-01 15:51 ` Jhih-Ming Huang
2021-08-05 11:17 ` Greg KH
2021-06-19 9:20 ` [PATCH v3] " Jhih-Ming Huang
2021-06-18 18:28 ` Jhih Ming Huang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAKgboZ9NnN6FZ6XX5MhRk0T-TLvmPvsRWogSPuXu8m940mWNZg@mail.gmail.com \
--to=fbihjmeric@gmail.com \
--cc=fabioaiuto83@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=maqianga@uniontech.com \
--cc=marcocesati@gmail.com \
--cc=ross.schm.dev@gmail.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).