[PATCH v2] wifi: ath12k: Fix buffer overflow when scanning with extraie
Sven Eckelmann
sven at narfation.org
Thu Aug 10 01:09:25 PDT 2023
On Thursday, 10 August 2023 06:31:02 CEST Wen Gong wrote:
> On 8/10/2023 2:16 AM, Jeff Johnson wrote:
> > On 8/9/2023 10:31 AM, Jeff Johnson wrote:
> >> On 8/9/2023 1:12 AM, Wen Gong wrote:
> >>>
> [...]
> >>
> >> Reviewed-by: Jeff Johnson <quic_jjohnson at quicinc.com>
> >
> > Wen, can you please add a Fixes: tag since based upon the discussion
> > you actually observed a crash
> >
> Jeff, do you mean I should add the crash call stack or other thing in
> this patch?
I think a reference to the commit which is fixed should be added.
> The crash is observed by Sven Eckelmann <sven at narfation.org> on 07 Dec
> 2021 here:
> Subject: Re: [PATCH] ath11k: enable
> IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN6855
> https://lore.kernel.org/linux-wireless/3267805.el9kkjlfUZ@ripper/
This was for ath11k. See my patch for it in
https://lore.kernel.org/r/20211207142913.1734635-1-sven@narfation.org
So I doubt that it is ok to add the same backtrace for an ath12k commit.
And if I compare both patches, it looks to me that you don't handle the
params->extraie.len > 16 bit (see WMI_TLV_LEN) in ath12k.
Kind regards,
Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/ath12k/attachments/20230810/cd79f5db/attachment.sig>
More information about the ath12k
mailing list