Re: [PATCH] wifi: iwlwifi: mvm: Fix __counted_by usage in cfg80211_wowlan_nd_*

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
To: Kees Cook <kees@kernel.org>,
	Miri Korenblit <miriam.rachel.korenblit@intel.com>
Cc: Kalle Valo <kvalo@kernel.org>,
	Johannes Berg <johannes.berg@intel.com>,
	"Gustavo A . R . Silva" <gustavoars@kernel.org>,
	Luca Coelho <luciano.coelho@intel.com>,
	Gregory Greenman <gregory.greenman@intel.com>,
	Yedidya Benshimol <yedidya.ben.shimol@intel.com>,
	Haim Dreyfuss <haim.dreyfuss@intel.com>,
	linux-wireless@vger.kernel.org,
	Shaul Triebitz <shaul.triebitz@intel.com>,
	Benjamin Berg <benjamin.berg@intel.com>,
	Dmitry Antipov <dmantipov@yandex.ru>,
	linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] wifi: iwlwifi: mvm: Fix __counted_by usage in cfg80211_wowlan_nd_*
Date: Wed, 19 Jun 2024 15:22:09 -0600	[thread overview]
Message-ID: <202aeef9-ba5b-400b-8341-bc07fb394a19@embeddedor.com> (raw)
In-Reply-To: <20240619211233.work.355-kees@kernel.org>



On 19/06/24 23:12, Kees Cook wrote:
> Both struct cfg80211_wowlan_nd_match and struct cfg80211_wowlan_nd_info
> pre-allocate space for channels and matches, but then may end up using
> fewer that the full allocation. Shrink the associated counter
> (n_channels and n_matches) after counting the results. This avoids
> compile-time (and run-time) warnings from __counted_by. (The counter
> member needs to be updated _before_ accessing the array index.)
> 
> Seen with coming GCC 15:
> 
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c: In function 'iwl_mvm_query_set_freqs':
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2877:66: warning: operation on 'match->n_channels' may be undefined [-Wsequence-point]
>   2877 |                                 match->channels[match->n_channels++] =
>        |                                                 ~~~~~~~~~~~~~~~~~^~
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2885:66: warning: operation on 'match->n_channels' may be undefined [-Wsequence-point]
>   2885 |                                 match->channels[match->n_channels++] =
>        |                                                 ~~~~~~~~~~~~~~~~~^~
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c: In function 'iwl_mvm_query_netdetect_reasons':
> drivers/net/wireless/intel/iwlwifi/mvm/d3.c:2982:58: warning: operation on 'net_detect->n_matches' may be undefined [-Wsequence-point]
>   2982 |                 net_detect->matches[net_detect->n_matches++] = match;
>        |                                     ~~~~~~~~~~~~~~~~~~~~~^~
> 

Nice catch! :)

> Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate")
> Signed-off-by: Kees Cook <kees@kernel.org>

Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>

Thanks
-- 
Gustavo

> ---
> Cc: Miri Korenblit <miriam.rachel.korenblit@intel.com>
> Cc: Kalle Valo <kvalo@kernel.org>
> Cc: Johannes Berg <johannes.berg@intel.com>
> Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
> Cc: Luca Coelho <luciano.coelho@intel.com>
> Cc: Gregory Greenman <gregory.greenman@intel.com>
> Cc: Yedidya Benshimol <yedidya.ben.shimol@intel.com>
> Cc: Haim Dreyfuss <haim.dreyfuss@intel.com>
> Cc: linux-wireless@vger.kernel.org
> ---
>   drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 14 +++++++++++---
>   1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> index 54f4acbbd05b..9cd03ea4680d 100644
> --- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> +++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> @@ -2866,6 +2866,7 @@ static void iwl_mvm_query_set_freqs(struct iwl_mvm *mvm,
>   				    int idx)
>   {
>   	int i;
> +	int n_channels = 0;
>   
>   	if (fw_has_api(&mvm->fw->ucode_capa,
>   		       IWL_UCODE_TLV_API_SCAN_OFFLOAD_CHANS)) {
> @@ -2874,7 +2875,7 @@ static void iwl_mvm_query_set_freqs(struct iwl_mvm *mvm,
>   
>   		for (i = 0; i < SCAN_OFFLOAD_MATCHING_CHANNELS_LEN * 8; i++)
>   			if (matches[idx].matching_channels[i / 8] & (BIT(i % 8)))
> -				match->channels[match->n_channels++] =
> +				match->channels[n_channels++] =
>   					mvm->nd_channels[i]->center_freq;
>   	} else {
>   		struct iwl_scan_offload_profile_match_v1 *matches =
> @@ -2882,9 +2883,11 @@ static void iwl_mvm_query_set_freqs(struct iwl_mvm *mvm,
>   
>   		for (i = 0; i < SCAN_OFFLOAD_MATCHING_CHANNELS_LEN_V1 * 8; i++)
>   			if (matches[idx].matching_channels[i / 8] & (BIT(i % 8)))
> -				match->channels[match->n_channels++] =
> +				match->channels[n_channels++] =
>   					mvm->nd_channels[i]->center_freq;
>   	}
> +	/* We may have ended up with fewer channels than we allocated. */
> +	match->n_channels = n_channels;
>   }
>   
>   /**
> @@ -2965,6 +2968,8 @@ static void iwl_mvm_query_netdetect_reasons(struct iwl_mvm *mvm,
>   			     GFP_KERNEL);
>   	if (!net_detect || !n_matches)
>   		goto out_report_nd;
> +	net_detect->n_matches = n_matches;
> +	n_matches = 0;
>   
>   	for_each_set_bit(i, &matched_profiles, mvm->n_nd_match_sets) {
>   		struct cfg80211_wowlan_nd_match *match;
> @@ -2978,8 +2983,9 @@ static void iwl_mvm_query_netdetect_reasons(struct iwl_mvm *mvm,
>   				GFP_KERNEL);
>   		if (!match)
>   			goto out_report_nd;
> +		match->n_channels = n_channels;
>   
> -		net_detect->matches[net_detect->n_matches++] = match;
> +		net_detect->matches[n_matches++] = match;
>   
>   		/* We inverted the order of the SSIDs in the scan
>   		 * request, so invert the index here.
> @@ -2994,6 +3000,8 @@ static void iwl_mvm_query_netdetect_reasons(struct iwl_mvm *mvm,
>   
>   		iwl_mvm_query_set_freqs(mvm, d3_data->nd_results, match, i);
>   	}
> +	/* We may have fewer matches than we allocated. */
> +	net_detect->n_matches = n_matches;
>   
>   out_report_nd:
>   	wakeup.net_detect = net_detect;

next prev parent reply	other threads:[~2024-06-19 21:22 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-06-19 21:12 [PATCH] wifi: iwlwifi: mvm: Fix __counted_by usage in cfg80211_wowlan_nd_* Kees Cook
2024-06-19 21:22 ` Gustavo A. R. Silva [this message]
2024-06-20 17:06 ` Christophe JAILLET
2024-06-20 18:02   ` Gustavo A. R. Silva
2024-06-20 18:08     ` Gustavo A. R. Silva
2024-06-20 18:53       ` Christophe JAILLET
2024-06-20 19:02         ` Gustavo A. R. Silva
2024-11-17 11:04         ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202aeef9-ba5b-400b-8341-bc07fb394a19@embeddedor.com \
    --to=gustavo@embeddedor.com \
    --cc=benjamin.berg@intel.com \
    --cc=dmantipov@yandex.ru \
    --cc=gregory.greenman@intel.com \
    --cc=gustavoars@kernel.org \
    --cc=haim.dreyfuss@intel.com \
    --cc=johannes.berg@intel.com \
    --cc=kees@kernel.org \
    --cc=kvalo@kernel.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=luciano.coelho@intel.com \
    --cc=miriam.rachel.korenblit@intel.com \
    --cc=shaul.triebitz@intel.com \
    --cc=yedidya.ben.shimol@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.