Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp2348514rdb; Thu, 21 Sep 2023 16:29:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGTiKWEwx42qTYDCapHJxEaZDS0I+A8XxzeZzX5Thyva+nuzck69X5qd/kiTsbbR31NKwcx X-Received: by 2002:a05:6871:54f:b0:1b0:4fc5:2e4b with SMTP id t15-20020a056871054f00b001b04fc52e4bmr7363658oal.9.1695338984377; Thu, 21 Sep 2023 16:29:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695338984; cv=none; d=google.com; s=arc-20160816; b=gp0kc2+pwf3K107uo7HULQ2fsfQyR+YACTvx3efSO5+EGVxcAHWgDlqCHkVB9r8tA+ gHCb5tRsCtmIE/Bsra0VpVBdq6tXk4MxWf4s9hzU64rfrri2A6r2G8Bsv1Ojet2uC0XM 18a1AZysl8ytyyEnRv8CIdJOuYrg7obybxcE3/g1yYIgZT+yxxV7tit19POWw0M/Chtq nnbIRD7wC50tZTlubh0BPZyAB6hmOlxQOsfrmHpmFly2eFAO4O+bOlFRhXXg/mQ+26vL WzlgL7LABISE1Dn6+Acsfq+7Z24EiKKCbj2SQ79DD5BeWkVYH/XGk9QB++FmVZ2r/VWz EPxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:date:message-id:user-agent:cc:to:references :in-reply-to:from:subject:content-transfer-encoding:mime-version :dkim-signature; bh=VIO8rI+e/VH8rMoK2ubVFMK8q79ttdzIgjXAV+ecEq0=; fh=2UGyKc87B52f7sIwEYl9g+SBtVnXUiLMuSlEko54uMQ=; b=lQpUE8/Hus3gQ/JKqnl7KdMUm3o6BnMRnXrsbubqd88rQ0frSQDaOe9cgHsqijbrRn rqUG4Ci5kPQqQbxlfrHPGPHOYkPom7mbqH8atdlU0nuJQQt+xKN9AhcaUGRdvT1YEnVf YJdagH38APzVboDaypCwlzIxdBQdiQy3kspAyQle6UyRuzmb4NppJ5xSdZxpXXG/FrVF 4XdzUu7YcfEI6jw4zNnXF1YUXM/9amq3ciWhM3y/m4wPSdUdszGQUYxuqshewsRsG+nE FOMTOeAArDNo9EhRAsqlo2FMD56MQgoA/yuMnnNAvJmIwzn/4oJmqScjgV3b0BNTHMkY TGpg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=r+BLK+3d; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id a16-20020a656410000000b0056baff5c553si2418541pgv.101.2023.09.21.16.29.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Sep 2023 16:29:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=r+BLK+3d; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 44F6A84FF02D; Thu, 21 Sep 2023 13:49:08 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232569AbjIUUtD (ORCPT + 56 others); Thu, 21 Sep 2023 16:49:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53544 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232380AbjIUUs3 (ORCPT ); Thu, 21 Sep 2023 16:48:29 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB19979E11 for ; Thu, 21 Sep 2023 10:34:35 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6A873C116A8; Thu, 21 Sep 2023 08:02:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1695283335; bh=A2wDMxQ/CgRduFurU/x5XEPPz5f7IpyK+/xPd1NPnFc=; h=Subject:From:In-Reply-To:References:To:Cc:Date:From; b=r+BLK+3dG66LnrsnSmxtrxbszEVM4dLwRjhjhKeCDWX9JLeX4NFVcgtySnK47744q yuVT+mVv9ibi9BfXbeuiOeu1EGabqueReEIdUBs9EdYScxKmUnMS5OkQFZlsw4PxDe a78RE+8RqqSbNXyFExTIIYyrmzQ3il0C5zFsN8Bma+to/ZsGHX2eGbyoBduwwnKu1W PUrZYfqQyLm/iEVB0WNNWQGLU+LBWJzUJTJDuxrTbRcA0hyuodR3w9UM2P7p0lDK4H xVAiXXiGZ3Es9c+BIjud5wBI1hhsA1ILTktGLfBc89SFj8HZtdE0Yyo+AY/3KzWIiN 9GKQ2Zzyf02qA== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: Re: [PATCH] wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() From: Kalle Valo In-Reply-To: <20230830020716.5420-1-quic_bqiang@quicinc.com> References: <20230830020716.5420-1-quic_bqiang@quicinc.com> To: Baochen Qiang Cc: , User-Agent: pwcli/0.1.1-git (https://github.com/kvalo/pwcli/) Python/3.11.2 Message-ID: <169528333260.1539628.5137606082787828430.kvalo@kernel.org> Date: Thu, 21 Sep 2023 08:02:14 +0000 (UTC) Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Thu, 21 Sep 2023 13:49:08 -0700 (PDT) Baochen Qiang wrote: > reg_cap.phy_id is extracted from WMI event and could be an unexpected value > in case some errors happen. As a result out-of-bound write may occur to > soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it. > > This is found during code review. > > Compile tested only. > > Signed-off-by: Baochen Qiang > Acked-by: Jeff Johnson > Signed-off-by: Kalle Valo Patch applied to ath-next branch of ath.git, thanks. b302dce3d9ed wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() -- https://patchwork.kernel.org/project/linux-wireless/patch/20230830020716.5420-1-quic_bqiang@quicinc.com/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches