RE: [PATCH v2 1/2] wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user

From: Ping-Ke Shih
Date: Wed Apr 26 2023 - 00:39:06 EST



> -----Original Message-----
> From: Ping-Ke Shih <pkshih@xxxxxxxxxxx>
> Sent: Wednesday, April 26, 2023 12:29 PM
> To: Zhang Shurong <zhang_shurong@xxxxxxxxxxx>; tony0620emma@xxxxxxxxx
> Cc: kvalo@xxxxxxxxxx; davem@xxxxxxxxxxxxx; edumazet@xxxxxxxxxx; kuba@xxxxxxxxxx; pabeni@xxxxxxxxxx;
> linux-wireless@xxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: RE: [PATCH v2 1/2] wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user
>
> > -----Original Message-----
> > From: Zhang Shurong <zhang_shurong@xxxxxxxxxxx>
> > Sent: Wednesday, April 26, 2023 12:24 AM
> > To: tony0620emma@xxxxxxxxx
> > Cc: kvalo@xxxxxxxxxx; davem@xxxxxxxxxxxxx; edumazet@xxxxxxxxxx; kuba@xxxxxxxxxx; pabeni@xxxxxxxxxx;
> > linux-wireless@xxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Zhang Shurong
> > <zhang_shurong@xxxxxxxxxxx>
> > Subject: [PATCH v2 1/2] wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user
> >
> > If there is a failure during copy_from_user, rtw_debugfs_copy_from_user
> > should return negative error code instead of a positive value count.
> >
> > Fix this bug by returning correct error code. Moreover, the check
> > of buffer against null is removed since it will be handled by
> > copy_from_user.
> >
> > Signed-off-by: Zhang Shurong <zhang_shurong@xxxxxxxxxxx>
>
> Reviewed-by: Ping-Ke Shih <pkshih@xxxxxxxxxxx>

I would take back this temporarily because of below.

>
> > ---
> > drivers/net/wireless/realtek/rtw88/debug.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/wireless/realtek/rtw88/debug.c b/drivers/net/wireless/realtek/rtw88/debug.c
> > index fa3d73b333ba..3da477e1ebd3 100644
> > --- a/drivers/net/wireless/realtek/rtw88/debug.c
> > +++ b/drivers/net/wireless/realtek/rtw88/debug.c
> > @@ -183,8 +183,8 @@ static int rtw_debugfs_copy_from_user(char tmp[], int size,
> >
> > tmp_len = (count > size - 1 ? size - 1 : count);
> >
> > - if (!buffer || copy_from_user(tmp, buffer, tmp_len))
> > - return count;
> > + if (copy_from_user(tmp, buffer, tmp_len))
> > + return -EFAULT;
> >
> > tmp[tmp_len] = '\0';
> >

In the second patch, you check 'ret < 0' instead of 'ret'. That looks like
you can possibly return positive value (e.g. count), but actually only
return 0 or - EFAULT after this patch. So, I would like change first or second
patch to make them intuitive.

return 0 or -EFAULT --> check by if (ret)
return 0 or -EFAULT or count --> check by if (ret < 0)


+ ret = rtw_debugfs_copy_from_user(tmp, sizeof(tmp), buffer, count, 2);
+ if (ret < 0)
+ return ret;