Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1695461pxj; Fri, 18 Jun 2021 12:55:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxy1HX/aSPc1bXs2yO6W8yLBJo5hPHC6gZj1YdfBNafoYJtDVm+ybwqY99BfdWu6plJN0KV X-Received: by 2002:a05:6e02:12:: with SMTP id h18mr8812387ilr.265.1624046126226; Fri, 18 Jun 2021 12:55:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624046126; cv=none; d=google.com; s=arc-20160816; b=SQsN16lpwLdXHUhYM+2+zUWuZt+gWqnonUm2j3/QandqtmlBcYPJuerTD5LraIq3K5 LOMrsKO8zOo0BnTUGy44nZZ5ep1FwmPbuqTIKucuVfPKOO9F6606/2jZEHIT+KKZAkmg Gqsm2GdNnhIIxYBPburQowB6lOu7m4xV4gsPGuS9T6fCBGht1KMCogIXrLN5jGq+pAjO i1ySKHaq8GnaIB7WjTbeBLkP5uotNmWzV2JdR7f6zON8VggGEpXq5NKIAXpc9zwwHSz2 4OB5z64mJO/T3H2VbBMQgPYqirf3viFI4tK7dGq3eNjkFu+jGdONSU2hJP5+isxM47Nm rOjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=2YcWn0t0U4kt3sChGn8YS8hWgbgIMByu8PDof3KrEw0=; b=rpgp+HNGBe038JoGfjGlr6vkIsELHneghoQMsYWEO4KEOx7ARfbhQmRlyVMHklDbzX 6Nyo8Kd8JMDrsF6We5DiSRglkMwKsx8TgWnE0YsGVtVgHdTjx+6idBpCoBJtNWGXAE/i 58045SQDRBQO618ilNfDmQVB5FUL9/tvGkiYMYTPBMEin8QaZil6qKlldJHPDODTOlSR Zs3Gehvjdj/whCz7hoblDZjFTaGlAKk+2mtr8u7nef/sl8WqlM/mcX51XndZyFqpGB2+ NbNHPIAM6H/aCXgKKDR8CYQo3zw9YQwq3nNjJ5d48p+qX2Mckzuks2gNbnwumwRXke+5 Y9pA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z10si3177468ilu.151.2021.06.18.12.55.13; Fri, 18 Jun 2021 12:55:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231883AbhFRTcG (ORCPT + 99 others); Fri, 18 Jun 2021 15:32:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57002 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230433AbhFRTcF (ORCPT ); Fri, 18 Jun 2021 15:32:05 -0400 Received: from zeniv-ca.linux.org.uk (zeniv-ca.linux.org.uk [IPv6:2607:5300:60:148a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E1C13C061574 for ; Fri, 18 Jun 2021 12:29:55 -0700 (PDT) Received: from viro by zeniv-ca.linux.org.uk with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1luKB2-009jVk-HT; Fri, 18 Jun 2021 19:29:16 +0000 Date: Fri, 18 Jun 2021 19:29:16 +0000 From: Al Viro To: Jhih-Ming Huang Cc: gregkh@linuxfoundation.org, fabioaiuto83@gmail.com, ross.schm.dev@gmail.com, maqianga@uniontech.com, marcocesati@gmail.com, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH v3] rtw_security: fix cast to restricted __le32 Message-ID: References: <20210618181751.95967-1-fbihjmeric@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210618181751.95967-1-fbihjmeric@gmail.com> Sender: Al Viro Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jun 19, 2021 at 02:17:51AM +0800, Jhih-Ming Huang wrote: > This patch fixes the sparse warning of fix cast to restricted __le32. > > There was a change for replacing private CRC-32 routines with in kernel > ones. > However, the author used le32_to_cpu to convert crc32_le(), and we > should cpu_to_le32. > > Ths commit also fixes the payload checking by memcmp instead of checking element > by element. > > Signed-off-by: Jhih-Ming Huang > --- > drivers/staging/rtl8723bs/core/rtw_security.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c > index a99f439328f1..97a7485f8f58 100644 > --- a/drivers/staging/rtl8723bs/core/rtw_security.c > +++ b/drivers/staging/rtl8723bs/core/rtw_security.c > @@ -121,7 +121,7 @@ void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe) > arc4_crypt(ctx, payload, payload, length); > > /* calculate icv and compare the icv */ > - *((u32 *)crc) = le32_to_cpu(~crc32_le(~0, payload, length - 4)); > + *crc = cpu_to_le32(~crc32_le(~0, payload, length - 4)); Huh? crc is u8[4]; that assignment will truncate that le32 to u8 and store it in the first byte of your 4-element array. How the hell does sparse *not* complain on that? Either make crc __le32 (and turn assignment into crc = cpu_to_le32(...)), or make that *(__le32 *)crc = ... > @@ -618,10 +618,9 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) > arc4_setkey(ctx, rc4key, 16); > arc4_crypt(ctx, payload, payload, length); > > - *((u32 *)crc) = le32_to_cpu(~crc32_le(~0, payload, length - 4)); > + *crc = cpu_to_le32(~crc32_le(~0, payload, length - 4)); Ditto. Declare crc as __le32 and use crc = cpu_to_le32(~crc32_le(~0, payload, length - 4)); here.