[PATCH 10/12] iwlwifi: Track scan_cmd allocation size explicitly
Kees Cook
keescook at chromium.org
Thu Sep 22 05:26:27 UTC 2022
On Thu, Sep 22, 2022 at 07:18:51AM +0300, Kalle Valo wrote:
> Kees Cook <keescook at chromium.org> writes:
>
> > In preparation for reducing the use of ksize(), explicitly track the
> > size of scan_cmd allocations. This also allows for noticing if the scan
> > size changes unexpectedly. Note that using ksize() was already incorrect
> > here, in the sense that ksize() would not match the actual allocation
> > size, which would trigger future run-time allocation bounds checking.
> > (In other words, memset() may know how large scan_cmd was allocated for,
> > but ksize() will return the upper bounds of the actually allocated memory,
> > causing a run-time warning about an overflow.)
> >
> > Cc: Gregory Greenman <gregory.greenman at intel.com>
> > Cc: Kalle Valo <kvalo at kernel.org>
> > Cc: Johannes Berg <johannes.berg at intel.com>
> > Cc: linux-wireless at vger.kernel.org
> > Cc: netdev at vger.kernel.org
> > Signed-off-by: Kees Cook <keescook at chromium.org>
>
> Via which tree is this iwlwifi patch going? Normally via wireless-next
> or something else?
This doesn't depend on the kmalloc_size_roundup() helper at all, so I
would be happy for it to go via wireless-next if the patch seems
reasonable.
--
Kees Cook
More information about the dri-devel
mailing list