Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
MIME-Version: 1.0
References: <cover.1692931954.git.gustavoars@kernel.org> <d4f8780527d551552ee96f17a0229e02e1c200d1.1692931954.git.gustavoars@kernel.org>
 <202308251410.8DAA6AC5E@keescook>
In-Reply-To: <202308251410.8DAA6AC5E@keescook>
From:   Brian Norris <briannorris@chromium.org>
Date:   Fri, 25 Aug 2023 16:38:56 -0700
Message-ID: <CA+ASDXNxYZsxFcF2iiKidBr4znsS5ejjmQKU_pdNpsrAqyeXEg@mail.gmail.com>
Subject: Re: [PATCH v2 3/3] wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len
To:     Kees Cook <keescook@chromium.org>
Cc:     "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Kalle Valo <kvalo@kernel.org>,
        Amitkumar Karwar <akarwar@marvell.com>,
        Xinming Hu <huxm@marvell.com>, Dan Williams <dcbw@redhat.com>,
        linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-hardening@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk

On Fri, Aug 25, 2023 at 2:10=E2=80=AFPM Kees Cook <keescook@chromium.org> w=
rote:
> On Thu, Aug 24, 2023 at 09:10:45PM -0600, Gustavo A. R. Silva wrote:
> > +                     mwifiex_dbg(priv->adapter, WARN,
> > +                                 "TLV size (%zu) overflows event_buf b=
uf_left=3D%d\n",
> > +                                 size_add(sizeof(tlv_rxba->header), tl=
v_len),
> > +                                 tlv_buf_left);
>
> With the suggested change to make this a warning and not dbg:

mwifiex_dbg(..., WARN, ...) *is* a warning, not a debug message. Or at
least, that's how it's used throughout this driver, even though it
actually yields a dev_info()-level message, regardless of the 'mask'
arg:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/dri=
vers/net/wireless/marvell/mwifiex/main.c?id=3Dv6.4#n1811