From: Takashi Iwai <tiwai@suse.de>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Takashi Iwai <tiwai@suse.de>,
Luca Coelho <luciano.coelho@intel.com>,
Oliver Neukum <oneukum@suse.de>,
linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] iwlwifi: mvm: Fix potential NULL dereference for sta
Date: Fri, 21 Jan 2022 12:30:12 +0100
Message-ID: <s5h7dattjgb.wl-tiwai@suse.de>
In-Reply-To: <2d33846961e5d5fed80b94696c27be60ecbb11c8.camel@sipsolutions.net>
On Fri, 21 Jan 2022 12:22:05 +0100,
Johannes Berg wrote:
>
> On Fri, 2022-01-21 at 12:14 +0100, Takashi Iwai wrote:
> > The recent fix for NULL sta in iwl_mvm_get_tx_rate() may still hit a
> > potential NULL dereference, as iwl_mvm_sta_from_mac80211() is called
> > unconditionally (although this doesn't seem to happen in practice,
> > thanks to the compiler optimization).
> >
>
> No objection to the patch, but I think the description isn't quite
> right?
>
> static inline struct iwl_mvm_sta *
> iwl_mvm_sta_from_mac80211(struct ieee80211_sta *sta)
> {
>         return (void *)sta->drv_priv;
> }
>
> looks like a dereference, but I _think_
>
> struct ieee80211_sta {
>         [...]
>
>         /* must be last */
>         u8 drv_priv[] __aligned(sizeof(void *));
> };
>
>
> means it's just an address calculation, i.e. the same as if we had
>
>         return (void *)((u8 *)sta + offsetof(typeof(*sta), drv_priv));
>
> no?

Yeah, indeed, that won't access the member.

> I guess technically it's still UB doing calculations on a NULL pointer,
> but practically that's going to work.
>
> Anyway, no objections :)

OK, I'll submit v2 with rephrasing to avoid confusion.

Takashi
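
The point discussed in this message, as an added example that is not part of the thread or of the iwlwifi driver: with a trailing flexible array member the helper only computes base + offsetof, so a NULL base would produce a small non-NULL address and only a test on sta itself can catch it. The demo_* names and derived_addr() are hypothetical stand-ins, and the NULL case is computed on integers so the example performs no pointer arithmetic on NULL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for ieee80211_sta / iwl_mvm_sta, not the kernel's. */
struct demo_sta {
	uint8_t addr[6];
	/* must be last */
	uint8_t drv_priv[] __attribute__((aligned(sizeof(void *))));
};
struct demo_priv { int tx_rate; };

/* Same shape as iwl_mvm_sta_from_mac80211(): no load, only base + offset. */
static struct demo_priv *demo_priv_from_sta(struct demo_sta *sta)
{
	return (void *)sta->drv_priv;
}

/* Address the helper yields for a given base, done on integers. */
uintptr_t derived_addr(uintptr_t base)
{
	return base + offsetof(struct demo_sta, drv_priv);
}

/* Defensive pattern: test sta itself, before the helper is called. */
int demo_get_tx_rate(struct demo_sta *sta)
{
	if (!sta)
		return -1;
	return demo_priv_from_sta(sta)->tx_rate;
}

/* Store a rate in a real object and read it back through the helper. */
int demo_roundtrip(int rate)
{
	struct demo_sta *sta = calloc(1, sizeof(*sta) + sizeof(struct demo_priv));
	int got = -2;	/* allocation failure */

	if (!sta)
		return got;
	demo_priv_from_sta(sta)->tx_rate = rate;
	if ((uintptr_t)demo_priv_from_sta(sta) == derived_addr((uintptr_t)sta))
		got = demo_get_tx_rate(sta);
	free(sta);
	return got;
}

int main(void)
{
	printf("NULL base -> %#lx\n", (unsigned long)derived_addr(0));
	printf("roundtrip=%d null=%d\n", demo_roundtrip(54), demo_get_tx_rate(NULL));
	return 0;
}
```

Because derived_addr(0) is non-zero, a check such as "if (!priv)" placed after the helper call would never fire for a NULL sta.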