Hi Brian,

> -----Original Message-----
> From: Brian Norris [mailto:briannor...@chromium.org]
> Sent: April 15, 2017 0:56
> To: Xinming Hu
> Cc: Linux Wireless; Kalle Valo; Dmitry Torokhov; raja...@google.com;
> Amitkumar Karwar; Cathy Luo; Ganapathi Bhat
> Subject: [EXT] Re: Re: Re: [PATCH v3 4/4] mwifiex: pcie: extract wifi part
> from combo firmware during function level reset
> 
> Hi,
> 
> On Fri, Apr 14, 2017 at 03:28:28AM +0000, Xinming Hu wrote:
> > According to the firmware download protocol, every CMD should not exceed
> > MWIFIEX_UPLD_SIZE.
> > We can add a sanity check, like,
> > if (data_len > MWIFIEX_UPLD_SIZE - sizeof(fwdata->header))
> >     *error*
> 
> I was primarily interested in protecting the kernel itself. Once the kernel
> starts parsing the firmware, we have to make sure a bad firmware file won't
> end up with us looping infinitely, reading/writing invalid memory, or
> otherwise exposing security or stability issues. I wasn't necessarily
> interested in validating every requirement of the end-point device. For
> example, we're not bothering checking the CRCs. I figured that this was all
> the job of your Wifi card's boot ROM.
> 
> So, we *can* implement checks like this, but I'd really hope we don't need
> this particular one, because your card should be taking care of that.
> 

Got it, we will keep in mind to check the possible overflow in future, either
using general protect or under limit by our device requirement.

> Please consider reviewing my latest submission.
> 

Sure.

Thanks,
Simon
> Regards,
> Brian
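
Added example, not part of the original thread and not code from the mwifiex driver: a bounds-checked walk over a chunked firmware image. It keeps the kernel-safety checks Brian describes (never read past the buffer, always make forward progress) separate from the device-limit check Xinming proposes. The header layout, the UPLD_SIZE value and the CMD_LAST id are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical chunk header (NOT the mwifiex layout): cmd, addr, data_len as LE u32. */
#define HDR_LEN   12u
#define UPLD_SIZE 2048u  /* placeholder standing in for MWIFIEX_UPLD_SIZE */
#define CMD_LAST  4u     /* hypothetical "last chunk" command id */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Walk the chunks in fw[0..len). Returns the number of chunks on success,
 * -1 if a header or payload would run past the end of the image,
 * -2 if a chunk exceeds the per-command size limit.
 */
int fw_walk(const uint8_t *fw, size_t len)
{
    size_t off = 0;
    int chunks = 0;

    while (off < len) {
        uint32_t cmd, data_len;

        /* Header must fit in what remains; subtracting avoids offset wrap. */
        if (len - off < HDR_LEN)
            return -1;
        cmd = rd_le32(fw + off);
        data_len = rd_le32(fw + off + 8);
        off += HDR_LEN;

        /* Device-protocol limit, the check proposed in the thread. */
        if (data_len > UPLD_SIZE - HDR_LEN)
            return -2;
        /* Kernel-safety check: payload must lie inside the image. */
        if (data_len > len - off)
            return -1;
        off += data_len;  /* each pass advances >= HDR_LEN, so the loop ends */
        chunks++;
        if (cmd == CMD_LAST)
            break;
    }
    return chunks;
}
```

Dropping the UPLD_SIZE comparison leaves the walk memory-safe, because the `len - off` comparisons alone bound every read.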
