lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 22 Sep 2022 07:18:51 +0300
From:   Kalle Valo <>
To:     Kees Cook <>
Cc:     Vlastimil Babka <>,
        Gregory Greenman <>,
        Johannes Berg <>,,,
        Pekka Enberg <>,
        David Rientjes <>,
        Joonsoo Kim <>,
        Andrew Morton <>,
        "David S. Miller" <>,
        Eric Dumazet <>,
        Jakub Kicinski <>,
        Paolo Abeni <>,
        Greg Kroah-Hartman <>,
        Nick Desaulniers <>,
        Alex Elder <>,
        Josef Bacik <>,
        David Sterba <>,
        Sumit Semwal <>,
        Christian K├Ânig <>,
        Jesse Brandeburg <>,
        Daniel Micay <>,
        Yonghong Song <>, Marco Elver <>,
        Miguel Ojeda <>,
        Jacob Shin <>,,,,,,,,,,,,
Subject: Re: [PATCH 10/12] iwlwifi: Track scan_cmd allocation size explicitly

Kees Cook <> writes:

> In preparation for reducing the use of ksize(), explicitly track the
> size of scan_cmd allocations. This also allows for noticing if the scan
> size changes unexpectedly. Note that using ksize() was already incorrect
> here, in the sense that ksize() would not match the actual allocation
> size, which would trigger future run-time allocation bounds checking.
> (In other words, memset() may know how large scan_cmd was allocated for,
> but ksize() will return the upper bounds of the actually allocated memory,
> causing a run-time warning about an overflow.)
> Cc: Gregory Greenman <>
> Cc: Kalle Valo <>
> Cc: Johannes Berg <>
> Cc:
> Cc:
> Signed-off-by: Kees Cook <>

Via which tree is this iwlwifi patch going? Normally via wireless-next
or something else?


Powered by blists - more mailing lists