Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp528328rdb;
        Thu, 30 Nov 2023 10:56:04 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEVS/0AzU6BKeyl4JUZVU8Bp753y0hRgUIzKVYrmPflArXmFqp1/ZjxfT0A2p9IG3W2wXGv
X-Received: by 2002:a05:6a00:2d95:b0:6cd:dece:b73d with SMTP id fb21-20020a056a002d9500b006cddeceb73dmr5638577pfb.18.1701370564635;
        Thu, 30 Nov 2023 10:56:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701370564; cv=none;
        d=google.com; s=arc-20160816;
        b=gx7r9GKsZBoGDG+jJeWn6ighRH+qguyrJhV875+JJONzFWDFIBKZu6uLjhWzDtThz3
         Ai4g20M+FlGMY7Scat/4uVCC9HxIvb/Tq0RkXzRJ6lfefWFfiXzzCQ/MgMzBEF9JWSm5
         ViMlGeaUz1gdgSfyCPnO+1J0QIiHvPA+3IYxqYH7wGj6MgLRsgCj9zkvxAMjV0sdUdhV
         2ALZanUj3ykm9+PYnFm56as/9z3xtSnw2gXOkaqEOWVyvATwSykmQkTn+KvZGbaJmy/Y
         wzdY1uMle90a6z65Y+I542C0O27t4QaiJqXnPDCIKw9M+93Et90AVun81f08hHeYsAIM
         D8PQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :user-agent:content-transfer-encoding:references:in-reply-to:date:cc
         :to:from:subject:message-id:dkim-signature;
        bh=1mZwmuNrX1XZCTolturnka409we6fnCrGdbywyYe9/A=;
        fh=HiTx0qpwrmopGrcngbG/j5iAz9IkkKfgwIA58C18IEQ=;
        b=OGrz0OD43LRO2BAXe/G3ECkJqw2clgj9n1qT+1d8BYfB58/TC24Kxgzx5G49sSQoqV
         q2M4f9JQ23umHdPTOitFLjjMxmWnZjCrodr6uLQGyNJYAzSVvLFV66iOxe9j2mENmJ+i
         NHIk7YxTRSGlCfTFwqzc2FCoWE/8f46ttrzAeyQap2uAtSXQ5y9MEytH1AO2R8zFfrqp
         JhrkXbF0Lr+t2M7fSN7Os5d+ws/+qxA4SjtSc2VZrFLhG6m4LVnFTolDdyfps0wfLUrv
         l6vxi8oi5erQVZDbIu91lDp53iYHSAy6MEmNqRn0Vd1Nuj6Za3szTc8IZ+bmsF7ees8Z
         pdNA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@sipsolutions.net header.s=mail header.b=glQyclz3;
       spf=pass (google.com: domain of linux-wireless+bounces-248-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-wireless+bounces-248-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net
Return-Path: <linux-wireless+bounces-248-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id ay23-20020a056a00301700b006cde7dc473csi1748949pfb.402.2023.11.30.10.56.04
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 30 Nov 2023 10:56:04 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-wireless+bounces-248-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@sipsolutions.net header.s=mail header.b=glQyclz3;
       spf=pass (google.com: domain of linux-wireless+bounces-248-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-wireless+bounces-248-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 2BF61281A76
	for <linux.lists.archive@gmail.com>; Thu, 30 Nov 2023 18:56:04 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 09E3F39AE5;
	Thu, 30 Nov 2023 18:54:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=sipsolutions.net header.i=@sipsolutions.net header.b="glQyclz3"
X-Original-To: linux-wireless@vger.kernel.org
Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:242:246e::2])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 21AA5B9
	for <linux-wireless@vger.kernel.org>; Thu, 30 Nov 2023 10:54:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=sipsolutions.net; s=mail; h=MIME-Version:Content-Transfer-Encoding:
	Content-Type:References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender
	:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-To:
	Resent-Cc:Resent-Message-ID; bh=1mZwmuNrX1XZCTolturnka409we6fnCrGdbywyYe9/A=;
	t=1701370489; x=1702580089; b=glQyclz36MwCxOiESQjIq+Dw7Nrax0HZW7/IsRAcxXjJ5r5
	Hv2Ot84qwZhsqtQ1aQ1d9uRUR/cWpsHqGUSg/O0KwaJwI31Lv6J/zu9fGBUmVX3NhX9aMMdNW/q/n
	lodtEIh5g8q9YiLgofSo0NXG8sYGAlIQCnwrlnCgl6aduJQi1xSshe8ojx4Ggfr6oolmIWhigGMK0
	yIu/HCoN9R7WUbtOj9gyJbkEYWrcojS+CuiBkXRBLidxA1z11fi0z9jFs/rn79Y/jE7KfzqaJ0Hxo
	1RPpVW7C20pCeLDpEmAzoMGUL/bqmFtSalG8CbYBzJWQUEeJhGRHDkRxMaO7f62Q==;
Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.97)
	(envelope-from <johannes@sipsolutions.net>)
	id 1r8mBP-0000000A9Pi-0vNM;
	Thu, 30 Nov 2023 19:54:43 +0100
Message-ID: <1cddf5467c79c0d3ab1e9ba67266d302f63b3fa4.camel@sipsolutions.net>
Subject: Re: [RFC PATCH] wifi: cfg80211: fix CQM for non-range use
From: Johannes Berg <johannes@sipsolutions.net>
To: Kees Cook <keescook@chromium.org>
Cc: Jeff Johnson <quic_jjohnson@quicinc.com>, Michael Walle
 <mwalle@kernel.org>,  lkp@intel.com, oe-kbuild-all@lists.linux.dev,
 linux-wireless@vger.kernel.org,  Max Schulze <max.schulze@online.de>
Date: Thu, 30 Nov 2023 19:54:41 +0100
In-Reply-To: <202311301050.C4BFFB9837@keescook>
References: <202311090752.hWcJWAHL-lkp@intel.com>
	 <202311090752.hWcJWAHL-lkp@intel.com>
	 <1c37d99f722f891a50c540853e54d4e36bdf0157.camel@sipsolutions.net>
	 <fc1dbe4a-a810-445c-9398-60a5e55990a2@quicinc.com>
	 <202311301016.84D0010@keescook>
	 <01e3663e9e1418a183ee86251e0352256494ee28.camel@sipsolutions.net>
	 <202311301050.C4BFFB9837@keescook>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.48.4 (3.48.4-1.fc38) 
Precedence: bulk
X-Mailing-List: linux-wireless@vger.kernel.org
List-Id: <linux-wireless.vger.kernel.org>
List-Subscribe: <mailto:linux-wireless+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-wireless+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-malware-bazaar: not-scanned

On Thu, 2023-11-30 at 10:52 -0800, Kees Cook wrote:
>=20
> I was able to see it with Ubuntu's GCC 12.3.0 and their config. This
> fixed it for me:

OK. I guess kernel tree also mattered somehow, and I got confused
because I'd applied the patch on wireless, where the robot did it on
wireless-next. Not sure how that's different, but OK.


> diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
> index d0f499227c29..7735d178a393 100644
> --- a/net/wireless/nl80211.c
> +++ b/net/wireless/nl80211.c
> @@ -12845,7 +12845,7 @@ static int cfg80211_cqm_rssi_update(struct cfg802=
11_registered_device *rdev,
>  }
> =20
>  static int nl80211_set_cqm_rssi(struct genl_info *info,
> -				const s32 *thresholds, int n_thresholds,
> +				const s32 *thresholds, u32 n_thresholds,
>  				u32 hysteresis)
>  {
>  	struct cfg80211_registered_device *rdev =3D info->user_ptr[0];
> @@ -12948,7 +12948,7 @@ static int nl80211_set_cqm(struct sk_buff *skb, s=
truct genl_info *info)
>  	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
>  		const s32 *thresholds =3D
>  			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
> -		int len =3D nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
> +		u32 len =3D nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
>  		u32 hysteresis =3D nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
> =20
>  		if (len % 4)
>=20
>=20
> If that's sensible, I can send a proper patch?

Sure, that seems reasonable.

> (Oh, it looks like nla_len is actually u16 ... should I use that instead
> of u32?)

Yeah it's a 16-bit field in the message format. Doesn't really matter?

johannes