lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aWSqpRZmBUmfZMIZ@nxpwireless-Inspiron-14-Plus-7440>
Date: Mon, 12 Jan 2026 16:02:45 +0800
From: Jeff Chen <jeff.chen_1@....com>
To: Johannes Berg <johannes@...solutions.net>
Cc: Dan Carpenter <dan.carpenter@...aro.org>,
	Chunfan Chen <jeffc@...vell.com>,
	Brian Norris <briannorris@...omium.org>,
	Francesco Dolcini <francesco@...cini.it>,
	Kalle Valo <kvalo@...nel.org>,
	Amitkumar Karwar <akarwar@...vell.com>,
	Cathy Luo <cluo@...vell.com>, linux-wireless@...r.kernel.org,
	linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] wifi: mwifiex: Fix a loop in
 mwifiex_update_ampdu_rxwinsize()

On Thu, Jan 08, 2026 at 09:58:46 PM +0100, Johannes Berg wrote:
> On Thu, 2026-01-08 at 23:00 +0300, Dan Carpenter wrote:
> > The "i" iterator variable is used to count two different things but
> 
> nice catch
> 
> > unfortunately we can't store two different numbers in the same variable.
> 
> :-)
> 
> > This was found via static analysis so I'm not positive on the impact
> > of this bug.
> 
> I think it basically means anything other than the first interface
> (using adapter->priv[i] with i>0) will not be updated correctly for A-
> MPDU buffer usage (?) if you use more than two interfaces. Given that
> most people probably only use a single interface, I suppose the impact
> would be rather low.
> 
> johannes
> 

Johannes is right — with AP and STA both active, whichever interface first meets
media_connected (AP or STA) will trigger the inner loop to overwrite the outer
interface index, so only that first interface gets the per‑TID delba while the
other is skipped.
For reference: mwifiex_update_ampdu_txwinsize() already uses separate iterators
, so aligning the RX-side loop to the same pattern makes sense.

Dan’s change to use a distinct inner iterator (j) here is correct.
Please apply.

Reviewed-by: Jeff Chen <jeff.chen_1@....com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ