lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230117115430.GC15213@altlinux.org>
Date:   Tue, 17 Jan 2023 14:54:30 +0300
From:   "Alexey V. Vissarionov" <gremlin@...linux.org>
To:     Simon Horman <simon.horman@...igine.com>
Cc:     "Alexey V. Vissarionov" <gremlin@...linux.org>,
        Arend van Spriel <aspriel@...il.com>,
        Franky Lin <franky.lin@...adcom.com>,
        Hante Meuleman <hante.meuleman@...adcom.com>,
        Kalle Valo <kvalo@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Alvin Šipraga <alsi@...g-olufsen.dk>,
        Ahmad Fatoum <a.fatoum@...gutronix.de>,
        Wataru Gohda <wataru.gohda@...ress.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Wolfram Sang <wsa+renesas@...g-engineering.com>,
        Pieter-Paul Giesberts <pieter-paul.giesberts@...adcom.com>,
        linux-wireless@...r.kernel.org,
        brcm80211-dev-list.pdl@...adcom.com,
        SHA-cyfmac-dev-list@...ineon.com, netdev@...r.kernel.org,
        lvc-project@...uxtesting.org
Subject: Re: [PATCH] wifi: brcmfmac: Fix allocation size

On 2023-01-17 12:13:06 +0100, Simon Horman wrote:

 >> buf_size = sizeof(*rfi);
 >> max_idx = reorder_data[BRCMF_RXREORDER_MAXIDX_OFFSET];
 >> - buf_size += (max_idx + 1) * sizeof(pkt);
 >> + buf_size += (max_idx + 1) * sizeof(struct sk_buff);

 > This is followed by:
 > rfi = kzalloc(buf_size, GFP_ATOMIC);
 > ...
 > rfi->pktslots = (struct sk_buff **)(rfi + 1);
 > The type of rfi is struct brcmf_ampdu_rx_reorder, which
 > looks like this:
 > struct brcmf_ampdu_rx_reorder
 > { struct sk_buff **pktslots; ... };
 > And it looks to me that pkt is used as an array of
 > (struct sk_buff *).
 > So in all, it seems to me that the current code is correct.

So, the buf_size is a sum of sizeof(struct brcmf_ampdu_rx_reorder)
and size of array of pointers... and yes, this array is filled with
pointers: rfi->pktslots[rfi->cur_idx] = pkt;

Hmmm... looks correct. Sorry for bothering.


-- 
Alexey V. Vissarionov
gremlin ПРИ altlinux ТЧК org; +vii-cmiii-ccxxix-lxxix-xlii
GPG: 0D92F19E1C0DC36E27F61A29CD17E2B43D879005 @ hkp://keys.gnupg.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ