Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4683265yba; Tue, 30 Apr 2019 02:37:04 -0700 (PDT) X-Google-Smtp-Source: APXvYqx9HQUoMvAiVGY8oXFzmAnyrMcH/vfRn3feT+7g5QCyf4422bH0f0kxbe5nJW1z/GphDRac X-Received: by 2002:a17:902:e684:: with SMTP id cn4mr66941598plb.71.1556617024130; Tue, 30 Apr 2019 02:37:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556617024; cv=none; d=google.com; s=arc-20160816; b=pHc67LK/ySuFaqQYeClpI4OcO/HblCJnFA/vl0VtVRdY+lqDQRcDj59LEQ0u1LSjNl aVKjhDpfsXr0e55Md2PJwFGeVfTXDpFZuISSxMaGBQfgtEH+9pPQ/P+pi7dL9bq5nCFi QW37Dob5sppKjFcV9WVe6ntH8LwcHSjoGw6TitfOeOn7vgLbQPjUXJCeZLFoeR1MMwD4 b4id8RDhBDNdS/zh+6KHxyyta0uq/bCnkbnVlhHfXgEiU7G76TLbm9JIRWnB77xZjPlq M9q3zKAa2YrpQX5XPOAPPaVce6wkp5OPa5Rf7MqwZVHw+4TntyBbB9vCWjGopwBxZDAL PwCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:dmarc-filter :dkim-signature:dkim-signature; bh=DXfCatlYx662mIpCm8XAasx4Hdg2WIyJSJOSB4u6q9M=; b=vv27x67P6NiUt1DqYU5ciNXapdgBpPJgoYV/sSJYfb1UeDU6mZNt0D3lblhwiSmxJR tmhehA2OToqx7G6j1zJOnAH1AIseoQupFxzl0TKnr1QVFU3rL0x5z01fbhDoWYD+qnfW GKgaph41qav7zkSk/hS8lu/KUvoF3qV+bukoJ70dTFxRgpU11gyCxtqDwaiG4jq/TKKy jH3cyRLOiG7X9zOIXMUVqpnPPM5gTfqlHMh71wvPqn6CVMmv6fI/FWZCvj3G3dQ4QtSk IkNQMaqXqEALVR3ZdPUAOCIe8s2gPFqKa7gzW8yaapNmcsmYCOcqdQiAILlam++UVRfC r9zQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=hFw6RRH9; dkim=pass header.i=@codeaurora.org header.s=default header.b="cPb/0Xp2"; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q4si33619261pgv.474.2019.04.30.02.36.49; Tue, 30 Apr 2019 02:37:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=hFw6RRH9; dkim=pass header.i=@codeaurora.org header.s=default header.b="cPb/0Xp2"; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726769AbfD3Jgs (ORCPT + 99 others); Tue, 30 Apr 2019 05:36:48 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:51352 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726012AbfD3Jgr (ORCPT ); Tue, 30 Apr 2019 05:36:47 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id 67C2660DB3; Tue, 30 Apr 2019 09:36:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1556617007; bh=lN4glXMpqtmRgarltcSpOuqbmL55CZP7DhJ20iLDeNM=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=hFw6RRH9cvRt6Mgnppf7kwcJr8CMjQgPNIH9WlC52jE99oi7GXm+zi7XYhVj+U4zW eFOh8bowIsduSiWs5//plfUwEkEiz9gRq1R3zeVgRcK6CdOKtGgvxmQ4iSJ3PpFLJ1 zbivu1qdUIimguEFaY74h8kYvZTiiWCOw1R724Io= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pdx-caf-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.7 required=2.0 tests=ALL_TRUSTED,BAYES_00, DKIM_INVALID,DKIM_SIGNED autolearn=no autolearn_force=no version=3.4.0 Received: from potku.adurom.net (88-114-240-156.elisa-laajakaista.fi [88.114.240.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: kvalo@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id D1E50608D4; Tue, 30 Apr 2019 09:36:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1556617005; bh=lN4glXMpqtmRgarltcSpOuqbmL55CZP7DhJ20iLDeNM=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=cPb/0Xp27oPqXfjD1tlSaJTTsy6F58/8EO6bRU1ekuW8GnALHqwmpY8d+xKTmDRRw PgZhSXwiyGf5/kTqiHuD96Uf1jdz1KBoMD0z0d+iVdAMr+khoQRmyhfDmIFJDvW7sH g0T/P8/dsOsTj3KuCGkRVe9lCffLc7deL7nRuWTc= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org D1E50608D4 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=kvalo@codeaurora.org From: Kalle Valo To: Nicolas Boichat Cc: Wen Gong , Claire Chang , linux-wireless@vger.kernel.org, ath10k@lists.infradead.org Subject: Re: [PATCH] ath10k: add peer id check in ath10k_peer_find_by_id References: <1554260478-4161-1-git-send-email-wgong@codeaurora.org> Date: Tue, 30 Apr 2019 12:36:41 +0300 In-Reply-To: (Nicolas Boichat's message of "Mon, 29 Apr 2019 18:30:00 +0800") Message-ID: <87wojbrg0m.fsf@kamboji.qca.qualcomm.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Nicolas Boichat writes: > On Wed, Apr 3, 2019 at 3:01 AM Wen Gong wrote: >> >> For some SDIO chip, the peer id is 65535 for MPDU with error status, >> then test_bit will trigger buffer overflow for peer's memory, if kasan >> enabled, it will report error. >> >> Add check for overflow the size of peer's peer_ids will avoid the buffer >> overflow access. >> [...] >> --- a/drivers/net/wireless/ath/ath10k/txrx.c >> +++ b/drivers/net/wireless/ath/ath10k/txrx.c >> @@ -157,6 +157,9 @@ struct ath10k_peer *ath10k_peer_find_by_id(struct ath10k *ar, int peer_id) >> { >> struct ath10k_peer *peer; >> >> + if (peer_id >= sizeof(peer->peer_ids) * BITS_PER_BYTE) > > I'd use >= BITS_PER_TYPE(peer->peer_ids). Nice, I didn't know about that. Wen, please submit v2 using this. -- Kalle Valo