This series fixes a few wireless drivers to use struct_size rather than open
coding some equivalent checks. This ensures that these size calculations
will not overflow but instead be bounded at SIZE_MAX.
In the first case, the code is first converted to a flexible array, which
saves a few bytes of memory in addition to the fix with struct_size.
These were caught with a coccinelle patch I recently posted at [1].
[1]: https://lore.kernel.org/all/[email protected]/
Cc: Johannes Berg <[email protected]>
Cc: [email protected]
Jacob Keller (3):
wifi: ipw2x00: convert ipw_fw_error->elem to flexible array[]
wifi: cfg80211: use struct_size and size_sub for payload length
wifi: nl80211: convert cfg80211_scan_request allocation to *_size
macros
drivers/net/wireless/intel/ipw2x00/ipw2200.c | 7 +++--
drivers/net/wireless/intel/ipw2x00/ipw2200.h | 3 +--
.../net/wireless/quantenna/qtnfmac/commands.c | 7 ++---
net/wireless/nl80211.c | 26 ++++++++++---------
4 files changed, 22 insertions(+), 21 deletions(-)
--
2.39.1.405.gd4c25cc71f83
Jacob Keller <[email protected]> writes:
> This series fixes a few wireless drivers to use struct_size rather than open
> coding some equivalent checks. This ensures that these size calculations
> will not overflow but instead be bounded at SIZE_MAX.
>
> In the first case, the code is first converted to a flexible array, which
> saves a few bytes of memory in addition to the fix with struct_size.
>
> These were caught with a coccinelle patch I recently posted at [1].
>
> [1]: https://lore.kernel.org/all/[email protected]/
>
> Cc: Johannes Berg <[email protected]>
> Cc: [email protected]
>
> Jacob Keller (3):
> wifi: ipw2x00: convert ipw_fw_error->elem to flexible array[]
> wifi: cfg80211: use struct_size and size_sub for payload length
> wifi: nl80211: convert cfg80211_scan_request allocation to *_size
> macros
>
> drivers/net/wireless/intel/ipw2x00/ipw2200.c | 7 +++--
> drivers/net/wireless/intel/ipw2x00/ipw2200.h | 3 +--
> .../net/wireless/quantenna/qtnfmac/commands.c | 7 ++---
> net/wireless/nl80211.c | 26 ++++++++++---------
> 4 files changed, 22 insertions(+), 21 deletions(-)
I don't see the actual patches, only the cover letter. Also nothing on
patchwork:
https://patchwork.kernel.org/project/linux-wireless/list/?state=*
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
> -----Original Message-----
> From: Kalle Valo <[email protected]>
> Sent: Monday, February 27, 2023 10:24 PM
> To: Keller, Jacob E <[email protected]>
> Cc: Johannes Berg <[email protected]>; [email protected]
> Subject: Re: [PATCH 0/3] net: wireless: use struct_size where appropriate
>
> Jacob Keller <[email protected]> writes:
>
> > This series fixes a few wireless drivers to use struct_size rather than open
> > coding some equivalent checks. This ensures that these size calculations
> > will not overflow but instead be bounded at SIZE_MAX.
> >
> > In the first case, the code is first converted to a flexible array, which
> > saves a few bytes of memory in addition to the fix with struct_size.
> >
> > These were caught with a coccinelle patch I recently posted at [1].
> >
> > [1]: https://lore.kernel.org/all/20230227202428.3657443-1-
> [email protected]/
> >
> > Cc: Johannes Berg <[email protected]>
> > Cc: [email protected]
> >
> > Jacob Keller (3):
> > wifi: ipw2x00: convert ipw_fw_error->elem to flexible array[]
> > wifi: cfg80211: use struct_size and size_sub for payload length
> > wifi: nl80211: convert cfg80211_scan_request allocation to *_size
> > macros
> >
> > drivers/net/wireless/intel/ipw2x00/ipw2200.c | 7 +++--
> > drivers/net/wireless/intel/ipw2x00/ipw2200.h | 3 +--
> > .../net/wireless/quantenna/qtnfmac/commands.c | 7 ++---
> > net/wireless/nl80211.c | 26 ++++++++++---------
> > 4 files changed, 22 insertions(+), 21 deletions(-)
>
> I don't see the actual patches, only the cover letter. Also nothing on
> patchwork:
>
> https://patchwork.kernel.org/project/linux-wireless/list/?state=*
>
Hmm.. Let me resend.
Thanks,
Jake
> --
> https://patchwork.kernel.org/project/linux-wireless/list/
>
> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatch
> es