From patchwork Fri Jan 7 07:36:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 12706340 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 67F1CC433F5 for ; Fri, 7 Jan 2022 07:36:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Subject:Cc:To: From:Date:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=CG2FpPOkjYf29g86qCu5WFlnBI4RkgGi7cSrfIDS7LE=; b=vWm8EYwOSCWL+I g64OkOzw2aUpiYbKp2VnnOB8KisVxAhMYz1ftpdXI5Tg5ue7XzZE3VIrGWpyZgsLMJiZhEIRGXRr+ l/Yd2O0fK5e2yo0o9Dc1ylhRoJPVwbsTlbWAK/j3viKwPbY43ityVUsU1uoLzLOYFgRnH7p9j66SH rG8qRc6wDRss4LLYJ1F0+k8YdSdIbqYYAPgsTuF/1R/Ip8OiYh4vsfHgK0STD+aFZEwlFm+NwIw6L 7AIXgt7EUvnH0qVTBm3+5tSYhynxe/jFO3hHt9dxLs3cthRdMf2UW9iKgR64asxr7cBH6uQFFJhDf HDFDGZ2kIBHd07JRCnGA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1n5jnd-002lUJ-4c; Fri, 07 Jan 2022 07:36:33 +0000 Received: from mx0a-00069f02.pphosted.com ([205.220.165.32]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1n5jnZ-002lTC-PJ for linux-mediatek@lists.infradead.org; Fri, 07 Jan 2022 07:36:32 +0000 Received: from pps.filterd (m0246629.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 2074QvYP009297; Fri, 7 Jan 2022 07:36:26 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : content-type : mime-version; s=corp-2021-07-09; bh=ePxy+W7f1GNZkrHTHu4rQptoOzum4leHVESQFyP6KNk=; b=nvrTa4ZRKuLYHFueJl3br6YVgqvTi9a+FPhQ1uQnZUfY31iZuECm1uSu/Ogy4Q1uenuH wuA/FNJBJx2iXS2qFKvWXgoV04mWlFkdJU7gWgquPrkpcnxWXczp341ujWo4bvtwyRoB /SW/Xvl7VrusJwkEFoev1koY1kKmfSCAceIxT+GL4yvd03OUhMotRzxMvbcibI+sRMyZ t5MglYv3/bBvE2zEiYQpzJHKCPfTXkRL9v/SCZj7A8ZALLFucH3sokk0+303vFN2Ri+c BBMpnO9uPsKjaVOIRU/tuKxjWn2kdf9Qiiga+OClF2tWnCxajZos5PkhN2sCCCZLX11t wQ== Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by mx0b-00069f02.pphosted.com with ESMTP id 3de4vh98av-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 07 Jan 2022 07:36:26 +0000 Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.1.2/8.16.1.2) with SMTP id 2077VnQZ182082; Fri, 7 Jan 2022 07:36:25 GMT Received: from nam04-bn8-obe.outbound.protection.outlook.com (mail-bn8nam08lp2047.outbound.protection.outlook.com [104.47.74.47]) by aserp3020.oracle.com with ESMTP id 3de4vvy29b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 07 Jan 2022 07:36:24 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KF+xJkssoj7tSCvNBC9F2C3qKTB682A0HY2FtacipWQn2FZd2nxeqzrUsx1TzLO+j+N0KrRlQnmyAfEIb9hwf8Gn1KCZNzlO3cKYZ4jlh13s7ws3tjtVigA11LJdciRWm6lesvlETsy+mLmM3JTp/i/sZ0zbX6+t9KkhqCPPmAs2zsQJk//bZTdNwCZRexd0GNZzcde6BuQKJp8fCIpbmUyHwY4D4U0p7oyebyuvbQQCj7qTiV/t2MxTlLLEe34mD0OruFA1nLAYqbMiHdcv11MQHFrg9trSguqAGTbYSP0SDYjPHGP7+3egQHoh3ySE9nu7AB5BPMk2cNHdfa357A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ePxy+W7f1GNZkrHTHu4rQptoOzum4leHVESQFyP6KNk=; b=mmon6c/BDh6OFJblUa94x0K8gJ81Gjo3QSFGoiQBwoo3IE2dXX4CmXrMBS5RmTLkWQKLUZmKWbevCCMAGcKCwCDEQpOJQZI7m07lFsdmcOjc9RE6B1MPm+P2ym0LPHx08QPK1gD1FAp3VmfGwGft5xGYumogCxXdPQdZ5tiT9aGOLTJmXKb31GJZ9lor0winQhOCyNUg0uMM57ZXEacgDPCmf+HkvQqkgxVPyrKA4knWF0SeYlUj1poOfGTZfbpz8NclVUDpB/aUat2BtwPz+uTXrm6oX8c5a3kkndukH+lG5kyfTvzDCM0M8SpWsqn9clygBK7tlfpUwHxdqX1JBA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ePxy+W7f1GNZkrHTHu4rQptoOzum4leHVESQFyP6KNk=; b=O27ybwXcXE+JnDzpa/JSNLYs5B7nZxJ5/M+5Mo+P4VjumH/OQQYopcMZZ1NwiqxqSs0mae996PRePJvGEGj8eTqHLnQHI7QhzBGz62lHXZALMAfID1hBIlRL7KXpR7k/2I7Axp1CqZgT+xUecPPYB8N/HfCMYWJqTohUGNR4+VE= Received: from MWHPR1001MB2365.namprd10.prod.outlook.com (2603:10b6:301:2d::28) by MW4PR10MB5752.namprd10.prod.outlook.com (2603:10b6:303:18d::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4844.15; Fri, 7 Jan 2022 07:36:22 +0000 Received: from MWHPR1001MB2365.namprd10.prod.outlook.com ([fe80::b889:5c86:23c0:82b8]) by MWHPR1001MB2365.namprd10.prod.outlook.com ([fe80::b889:5c86:23c0:82b8%4]) with mapi id 15.20.4867.011; Fri, 7 Jan 2022 07:36:22 +0000 Date: Fri, 7 Jan 2022 10:36:09 +0300 From: Dan Carpenter To: Felix Fietkau Cc: Lorenzo Bianconi , Ryder Lee , Shayne Chen , Sean Wang , Kalle Valo , Matthias Brugger , MeiChia Chiu , Money Wang , linux-wireless@vger.kernel.org, linux-mediatek@lists.infradead.org, kernel-janitors@vger.kernel.org Subject: [PATCH] mt76: mt7915: fix a couple information leaks Message-ID: <20220107073609.GH22086@kili> Content-Disposition: inline X-Mailer: git-send-email haha only kidding User-Agent: Mutt/1.10.1 (2018-07-13) X-ClientProxiedBy: ZR0P278CA0002.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:16::12) To MWHPR1001MB2365.namprd10.prod.outlook.com (2603:10b6:301:2d::28) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7d416287-513b-434c-2c16-08d9d1b06704 X-MS-TrafficTypeDiagnostic: MW4PR10MB5752:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5797; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: RcZbwEKY/UHzmt/jZvps5YSqrfA7je26XcWcgyunqTesWQnaYIjxcC4erIXu8wMUfnUm+JM5fOhm9jgA3/L6HPl7kaK1fcsaY45RlyeAT0XMotMfYCdAA2k3w0q9lJef2GOQPVcKlAkFGX1j9z8ufYJRiuIF/j6DIBW2LvMNRTrXmQyR6K6EgHwxUr95wwtfVCoJYvyi8gOwqcn852Wz02ES4LCO5zx6GEoc7rPFyJJU9PRg56+bR8dhBflyvKRDe5RuCnZ+DGhXpwYgqXbkwM1c6V61rEpuMZqTxqgrV1VIJBRSJmj4aqpsFi4GSSxmSFpRbkbtZPToeX6/cjIYxZzPddCp95yWVP410Y1RBaVzk9jn/tiL4zlM5QTQQKbkOvDoQgtBNYz0OUHw2qAzK4aW2UWhtYkq6O6TS08zFIKfALNYRiOaDMTiSa3d5e3HK2MHQn/zfGPp8echt+WDgOr28FubNucl5E5Tj8+R/h1uWI3WCvbhle8k4LW7cFTvD/Jt7slpFt7JXiUBeGFmYvjPwuCASK+DMRAO9aUeqXbSX3gpRk3Y3WrQymfSxyaWTZ8DTvIYU9RRdOTHwu/4CGfljYfZVfs8U00mq8cTDKPHScUTjPHW9k6ZTqzSUx4LcJ/rrYpeqlJ9TUiomdCZl1dgICj5Py2PuiEsKZoev8a19k82CAhCFLvf1ZJEBZLc4N4XDMFVwuyZzk0cN0+Gqg== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR1001MB2365.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(7916004)(366004)(66946007)(6486002)(8936002)(6666004)(2906002)(7416002)(186003)(4326008)(33716001)(1076003)(5660300002)(33656002)(6916009)(44832011)(9686003)(6512007)(316002)(52116002)(508600001)(83380400001)(38100700002)(38350700002)(66556008)(6506007)(86362001)(66476007)(54906003)(26005)(8676002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 1irlz6rk/FxvDwkSmayBtGuRBHCGNPZsjRu2hXXqCVVTH97+psEeHiXEc/cx7z/wlx2c8YkEPS30BmPpQf34lNE4vFovs6vjs00kRePGQKtmj9EA0YRaMyjTB34J2gvF9CMVmwhb8WIyFKDpfW31mJ0YN6aDUT/V60SiUEv0jESTz6gRXdkFbyHlgGca25lWMbVY9yEYl1K0PHE4NZ/l1Yu8OWu8huA9a6yfzBZ6hrh40iPySWJrp421OhoxK4P6ZtjcnJFfss05MpEA8QnrRvWY4OocWnn1ElmVOGUz9KjJIslMSwE3IK+lNNrd14+W7Uue839tTpf2QyTn5QAAOL1KCr5LtcFV6XXKxhSyd2fzDH1h13N860nf1zIEjTiNBlTvwjfVcQBm1AEgziwcnJBGk1chZomyO5Qtrsq8d41r7up4MW+bwVQVA3QFaXYZ0NGd4UXIaRnzpaTH8NF7K4L6Pm1PU5zmT16r1J8clTTWVBgDbds9IRtJSsCIGK3G6tPGHhkjLycQD54oYEutVHEtXB4z8EH2ePcY5eqJT3ITsjrJtBdRzHU9n7pcgaxrCgKvHYr7pncAW5eRvgYqKCnoNhhy1VCTwGd0uXi/KGIK5SwYdbXekJCffvffzMkx+Gt6d4ELTcthEfQnU8SWDb91p+4eSeu5kvROsDcuuBR0OfyXdl8bfkEhmW8XOpqJbzcluxDTsv1fQlGIfJZs8OU7iWF4LXQWnIGpSKPxDxZgJ38o/KE650Gg1J4f5dgiyezYSpwo4nCfdR8G1xR56pRkxu96H7shtmUNYMFthW+jXwfUhl65g27xFtevbfYKtbSojzaqzrFN2nFX/kPbZfxOg6FDML4pMewJy05kVHpIvUVnKEsjjgyVxML7vmubFC8sMaNi3LGuTkseMZf5NYnS0sFXYQWoQl+tE92UM5IDPM16y9FAw5gZ8Sxc1Zg2sQBl5Ir8+eUj0Ogx40HyAQRjiheeoiSZxSLPqHYsgFqDk39mt4Injj4ln3k0CgcxfnHErcxDrKXT9ISATw63utxdQ9YSyPZLdekdLBFK96FfFzZD20vrNT/c8kFwPmWEvrxnXCcUUvgkAr1NYEuRE0HmMjqWu5MHD/Kz13V4PV3RN/QnTeen7PDW17qbx/8NYrIv0QJxffnXo/e8RdfWF8ocH/JyYuz2vE1tYawL3QAr1w0OVHkHk/iDR5PxfXRGVZFrCV0tQwBUBLFkZN8x3FVz0zO8WcGBmwyjkxPip10xk/htRetqi4ESQ0ZybWS6+9praeiCGTvLrH/WTDXGer93HC7cVl5P9jyfCw7g1DhbTrDJbiCIloaK2XGxbS/ogAlxFLn7W2nPXOnUffsy5yQGEyCuGIPxdo3+3rGvQKOt7Irr5GIX5d3+Autg9S7x5GRA2BnkTio7Qc9EyFB4SNmNOY41hauzWmzbs258jexKkMdTng/tXFK6gjo0pbGVGqZuL9nK2NSPvjJY5e4Vz58XiK4dMcxbWR12LvZtrqwhGbI7KzDX+olLtxpklCDjPB5qEbSvH4ZMkUy+/MSoF8e8IO2AmjiTALEuAuxAnGh1TUJLK7LayVJXMd3Xsg7SlGII4VbKj9/rRPs1bLVwfa1Xb4JrBjBdkDjUOKvbd7DN7csscsAzknicjn2Wwg4g1t1rMOUpJ2rI8kyQCetWPZm1eQT1YicQ1I+LbDW7AhM= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7d416287-513b-434c-2c16-08d9d1b06704 X-MS-Exchange-CrossTenant-AuthSource: MWHPR1001MB2365.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jan 2022 07:36:22.5067 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: jhcMVHb9w60nTv/fP3vM3qKavqBW1/HRS7X04akIZ83kiJPPkHKhBdzbkKJIA9G7Mvq78sZVJktdNTp7Ata++/yeC1TC978N6D76R4T1SUs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR10MB5752 X-Proofpoint-Virus-Version: vendor=nai engine=6300 definitions=10219 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 mlxlogscore=999 adultscore=0 phishscore=0 mlxscore=0 spamscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2201070053 X-Proofpoint-ORIG-GUID: xce09MwIYd2QMjqQ1wlrdNxo9H4WtWZC X-Proofpoint-GUID: xce09MwIYd2QMjqQ1wlrdNxo9H4WtWZC X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220106_233629_859902_502D7E29 X-CRM114-Status: GOOD ( 16.35 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org Unfortunately this code has stumbled into some deep C standards nonsense. These two structs have a 3 byte struct hole at the end. If you partially initialize a struct then the C standard specifies that all the struct holes are zeroed out. But when you initialize all the members of the struct, as this code does, then struct holes may be left with uninitialized stack data. This is from C11 section 6.7.9 and how it is implemented in GCC. Anyway, add some memsets to prevent exposing uninitialized stack data with the user. Debugfs is root only so the real life impact of these leaks is very small. Fixes: 1966a5078f2d ("mt76: mt7915: add mu-mimo and ofdma debugfs knobs") Signed-off-by: Dan Carpenter --- .../net/wireless/mediatek/mt76/mt7915/mcu.c | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c index 0911b6f973b5..19c340c65465 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c @@ -2999,10 +2999,11 @@ int mt7915_mcu_muru_debug_set(struct mt7915_dev *dev, bool enabled) struct { __le32 cmd; u8 enable; - } data = { - .cmd = cpu_to_le32(MURU_SET_TXC_TX_STATS_EN), - .enable = enabled, - }; + } data; + + memset(&data, 0, sizeof(data)); + data.cmd = cpu_to_le32(MURU_SET_TXC_TX_STATS_EN); + data.enable = enabled; return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &data, sizeof(data), false); @@ -3014,15 +3015,15 @@ int mt7915_mcu_muru_debug_get(struct mt7915_phy *phy, void *ms) struct sk_buff *skb; struct mt7915_mcu_muru_stats *mu_stats = (struct mt7915_mcu_muru_stats *)ms; - int ret; - struct { __le32 cmd; u8 band_idx; - } req = { - .cmd = cpu_to_le32(MURU_GET_TXC_TX_STATS), - .band_idx = phy != &dev->phy, - }; + } req; + int ret; + + memset(&req, 0, sizeof(req)); + req.cmd = cpu_to_le32(MURU_GET_TXC_TX_STATS); + req.band_idx = phy != &dev->phy; ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &req, sizeof(req), true, &skb);