Message-ID: <CAFqe=z+bnNayKaxEnEFar28Q__yZ9Byaxe3YwtMaBEsASG2VwA@mail.gmail.com>
Date: Thu, 9 May 2024 12:49:47 +0200
From: Jannik Glückert <jannik.glueckert@...il.com>
To: Johannes Berg <johannes@...solutions.net>
Cc: Bagas Sanjaya <bagasdotme@...il.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Linux Networking <netdev@...r.kernel.org>,
Linux Wireless <linux-wireless@...r.kernel.org>, Jouni Malinen <jouni.malinen@...eros.com>,
"John W. Linville" <linville@...driver.com>, Kalle Valo <kvalo@...nel.org>,
Emmanuel Grumbach <emmanuel.grumbach@...el.com>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Sam James <sam@...too.org>
Subject: Re: Fwd: UBSAN: array-index-out-of-bounds in net/wireless/nl80211.c and net/mac80211/scan.c

On Thu, 9 May 2024 at 10:48, Johannes Berg <johannes@...solutions.net> wrote:
> > > [ 106.194465] UBSAN: array-index-out-of-bounds in /var/tmp/portage/sys-kernel/gentoo-kernel-6.8.9/work/linux-6.8/net/wireless/nl80211.c:9203:29
> > > [ 106.195063] index 42 is out of range for type 'struct ieee80211_channel *[]'
>
> > > [ 106.200924] UBSAN: array-index-out-of-bounds in /var/tmp/portage/sys-kernel/gentoo-kernel-6.8.9/work/linux-6.8/net/wireless/nl80211.c:9252:5
> > > [ 106.200926] index 0 is out of range for type 'struct ieee80211_channel *[]'
>
> At least one of these should be fixed by
> https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=838c7b8f1f278404d9d684c34a8cb26dc41aaaa1

I can confirm that this fixes both, thanks.
I only looked through torvalds/linux.git, hence I missed this patch. Sorry.

> > > [ 106.201036] UBSAN: array-index-out-of-bounds in /var/tmp/portage/sys-kernel/gentoo-kernel-6.8.9/work/linux-6.8/net/mac80211/scan.c:364:4
> > > [ 106.201037] index 0 is out of range for type 'struct ieee80211_channel *[]'
>
> No idea about that one. Send patches.

Sadly unaffected.

> (Seriously. If you're running with bleeding edge toolchains that pretty
> much nobody has yet, send patches.)

I'm not sure what to make of this - this bug has been around ever
since the code was added, modern toolchains just happen to be one way
to expose it.

Alas, distro people are not kernel devs, so best I can do is report this :(

Cheers
Jannik