Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1153553pxb; Fri, 21 Jan 2022 11:00:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJyKWebqdfE6nM5q4Tky394tEVFF/yb4K9HLq22PhOQm0nuHh5hnSetyGkFHtKhyDTs3YCDG X-Received: by 2002:a17:903:41cf:b0:14b:5b0:484b with SMTP id u15-20020a17090341cf00b0014b05b0484bmr5283982ple.155.1642791638356; Fri, 21 Jan 2022 11:00:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642791638; cv=none; d=google.com; s=arc-20160816; b=SBSvpF41r4dq6/YSlyLn7kx9z2I5AjFZH3LokBz3B1TIWUic+UA00hryh1j5p9yhe2 i8uYeu/4ELdMeZ1/ydnMFDapaSS8pRkzuKYoSWUPxwXG4cPWhtpT0j+KvG9x3ZdoUhUd 0b1MSbElKaF4mBtd+qFR4JqWFfkqX+remCLaQS6cps03+rkfQi45VxdfADYLFkNUw5CW qjmX0pWKdGBVe17vNqOczOVxCapCf39MHgW3kYQK7iob6vXOH3t1qI57uqAvz/HREhSz Eqz6ZsDS9uEo+MPr9tFMCeAgeG12zrYKu876hndjcvvuSkXOm/X+MOhOxXIIjHAZge4I aAfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:subject:user-agent:mime-version:date:message-id :dkim-signature; bh=nysFfB7FiLhLLN3K973iPIjHDxbti2ZbLDq3A1XOYxM=; b=sbQy04shWQT0bhryRkBmX0ya/pAHltL6+BNlDBZJTwJhOVLe2D/HwcJHSSkDNI4E9j TIh0C1cDAKgWJUH84K0Syx/jj7ikZ0Z63ji9P1oj6rGDnCI1+XPcuj3GvaaX57VDmC4N /8XdoFrBTvwir3pr/5+79A/EGLFUFAfsek0ICJINpaD46JYtiXN/GDdfxNIXLkcVITrV yMvdLOym8KzxmK1/XpDHHbFTix26SB+iOYQBN2UF01NSyyQwkVYOMXW48SujcVuInqRZ 0XZPppRNA9Pi4INKW/BgQ5F2gwNR0p6oxdvVTpYmhuyRLOgfSPl78+MfChRSm9jNfSYv GEVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@raspberrypi.com header.s=google header.b="f/CdvPHk"; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=raspberrypi.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t133si7514642pgc.287.2022.01.21.11.00.29; Fri, 21 Jan 2022 11:00:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@raspberrypi.com header.s=google header.b="f/CdvPHk"; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=raspberrypi.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345394AbiASIyJ (ORCPT + 70 others); Wed, 19 Jan 2022 03:54:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52330 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352664AbiASIxt (ORCPT ); Wed, 19 Jan 2022 03:53:49 -0500 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0A70C061574 for ; Wed, 19 Jan 2022 00:53:48 -0800 (PST) Received: by mail-wm1-x32b.google.com with SMTP id e9-20020a05600c4e4900b0034d23cae3f0so4381817wmq.2 for ; Wed, 19 Jan 2022 00:53:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raspberrypi.com; s=google; h=message-id:date:mime-version:user-agent:subject:to:cc:references :from:in-reply-to:content-transfer-encoding; bh=nysFfB7FiLhLLN3K973iPIjHDxbti2ZbLDq3A1XOYxM=; b=f/CdvPHkhUjMndzz2KQrne5Y/AYAw6nOm3Fl98qG5eTCpIZtXedJAIn6SuTiVtrxsF 0Tg40csr0ACeUCD8mFZPOTa0BmHC4ILZ2r7TkZxhftFYoNEDcCnDitbS9dI4JbNGrB6p ytkwNCCKSTlwMumANukB1FQbVnpwdTu1GaP6TRexGpVG4UnihLI72XDXTjJktF4MTcUn 2IvlMo5GTnpFxKYLxknXrSPDZ87nv2MUSAWG0rdvXF6G5Poj4NKn6ptRpX0Hh5yP7P1N Lp2bOzGZWQyZamG9BpPvP5u0+CsLF0YJDorR3sSCe8VJnxcLIiCGViKQZBv0nvWAsX3N Usrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :to:cc:references:from:in-reply-to:content-transfer-encoding; bh=nysFfB7FiLhLLN3K973iPIjHDxbti2ZbLDq3A1XOYxM=; b=bLZ/7kfysWLE+WKBgGP0wraYMyYURfDsdwiNHLgM06KDCOyB9BmQZm+sGOyc/8S9uH zi6HgXuv6v5LaJaS7tqr/t4JXoK4qHAYgxF0ZsgoVwH6JuN23cFWSfeGgCBw6/lzxA4K acjV85Ua5gy1tlBezoARzZYOC3Hq5AUNolzuAJQ5+Qd6VjDgG6reGxuOtLqg6vr/xEH4 aiWdrE302FXp/29qIwfHuggPdE3xDCqiUbNuNvz9JsdyIIBtIstLy65v5qrowoKZy7LZ G4q2YGIadnwfqO7Qhx9eE8w/AO/vHHRO97C9gSX98E2qRsCoEhVca6GjII9t7eAx7rir RRxQ== X-Gm-Message-State: AOAM531EASsy+y6dO8KsQJgnNlJ+w0YaQdqrPKE4qAZPEII5+4dFfNht Q4gd5MXWSMSZN1LMAr1MsMiHMpPNEUWIbg== X-Received: by 2002:a1c:7517:: with SMTP id o23mr2407655wmc.120.1642582427301; Wed, 19 Jan 2022 00:53:47 -0800 (PST) Received: from [192.168.187.147] ([86.12.200.143]) by smtp.gmail.com with ESMTPSA id r8sm2056629wrm.93.2022.01.19.00.53.46 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 19 Jan 2022 00:53:47 -0800 (PST) Message-ID: <07dbaff1-bc12-d782-ed14-ef3f33d3c041@raspberrypi.com> Date: Wed, 19 Jan 2022 08:53:46 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: [PATCH] brcmfmac: firmware: Fix crash in brcm_alt_fw_path To: Kalle Valo Cc: Arend van Spriel , "David S. Miller" , Jakub Kicinski , Linus Walleij , linux-wireless@vger.kernel.org, brcm80211-dev-list.pdl@broadcom.com, SHA-cyfmac-dev-list@infineon.com References: <20220118154514.3245524-1-phil@raspberrypi.com> <87h7a0gt7f.fsf@kernel.org> From: Phil Elwell In-Reply-To: <87h7a0gt7f.fsf@kernel.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On 19/01/2022 06:01, Kalle Valo wrote: > Phil Elwell writes: > >> The call to brcm_alt_fw_path in brcmf_fw_get_firmwares is not protected >> by a check to the validity of the fwctx->req->board_type pointer. This >> results in a crash in strlcat when, for example, the WLAN chip is found >> in a USB dongle. >> >> Prevent the crash by adding the necessary check. >> >> See: https://github.com/raspberrypi/linux/issues/4833 >> >> Fixes: 5ff013914c62 ("brcmfmac: firmware: Allow per-board firmware binaries") >> Signed-off-by: Phil Elwell > > I think this should go to v5.17. Is that an Ack? Are you asking me to submit the patch in a different way? Phil