| Message ID | 20230228162241.3874991-1-jacob.e.keller@intel.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | net: wireless: use struct_size where appropriate | expand |
On 2/28/2023 8:22 AM, Jacob Keller wrote: > This series fixes a few wireless drivers to use struct_size rather than open > coding some equivalent checks. This ensures that these size calculations > will not overflow but instead be bounded at SIZE_MAX. > > In the first case, the code is first converted to a flexible array, which > saves a few bytes of memory in addition to the fix with struct_size. > > These were caught with a coccinelle patch I recently posted at [1]. > > [1]: https://lore.kernel.org/all/20230227202428.3657443-1-jacob.e.keller@intel.com/ > > Cc: Johannes Berg <johannes@sipsolutions.net> > Cc: linux-wireless@vger.kernel.org > > Jacob Keller (3): > wifi: ipw2x00: convert ipw_fw_error->elem to flexible array[] > wifi: cfg80211: use struct_size and size_sub for payload length > wifi: nl80211: convert cfg80211_scan_request allocation to *_size > macros > > drivers/net/wireless/intel/ipw2x00/ipw2200.c | 7 +++-- > drivers/net/wireless/intel/ipw2x00/ipw2200.h | 3 +-- > .../net/wireless/quantenna/qtnfmac/commands.c | 7 ++--- > net/wireless/nl80211.c | 26 ++++++++++--------- > 4 files changed, 22 insertions(+), 21 deletions(-) > ugh sorry for the spam.. the actual patches didn't get cc'd to linux-wireless. I've fixed that now. Thanks, Jake
This series fixes a few wireless drivers to use struct_size rather than open coding some equivalent checks. This ensures that these size calculations will not overflow but instead be bounded at SIZE_MAX. In the first case, the code is first converted to a flexible array, which saves a few bytes of memory in addition to the fix with struct_size. These were caught with a coccinelle patch I recently posted at [1]. [1]: https://lore.kernel.org/all/20230227202428.3657443-1-jacob.e.keller@intel.com/ Cc: Johannes Berg <johannes@sipsolutions.net> Cc: linux-wireless@vger.kernel.org Jacob Keller (3): wifi: ipw2x00: convert ipw_fw_error->elem to flexible array[] wifi: cfg80211: use struct_size and size_sub for payload length wifi: nl80211: convert cfg80211_scan_request allocation to *_size macros drivers/net/wireless/intel/ipw2x00/ipw2200.c | 7 +++-- drivers/net/wireless/intel/ipw2x00/ipw2200.h | 3 +-- .../net/wireless/quantenna/qtnfmac/commands.c | 7 ++--- net/wireless/nl80211.c | 26 ++++++++++--------- 4 files changed, 22 insertions(+), 21 deletions(-)