Re: [PATCH v3] wifi: wilc1000: use vmm_table as array in wilc struct
From: Kalle Valo
Date: Thu Oct 19 2023 - 03:31:01 EST
Alexis Lothoré <alexis.lothore@xxxxxxxxxxx> wrote:
> From: Ajay Singh <ajay.kathat@xxxxxxxxxxxxx>
>
> Enabling KASAN and running some iperf tests raises some memory issues with
> vmm_table:
>
> BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4
> Write of size 4 at addr c3a61540 by task wlan0-tx/95
>
> KASAN detects that we are writing data beyond range allocated to vmm_table.
> There is indeed a mismatch between the size passed to allocator in
> wilc_wlan_init, and the range of possible indexes used later: allocation
> size is missing a multiplication by sizeof(u32)
>
> Fixes: 40b717bfcefa ("wifi: wilc1000: fix DMA on stack objects")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Ajay Singh <ajay.kathat@xxxxxxxxxxxxx>
> Signed-off-by: Alexis Lothoré <alexis.lothore@xxxxxxxxxxx>
> Reviewed-by: Michael Walle <mwalle@xxxxxxxxxx>
> Reviewed-by: Jeff Johnson <quic_jjohnson@xxxxxxxxxxx>
Patch applied to wireless-next.git, thanks.
05ac1a198a63 wifi: wilc1000: use vmm_table as array in wilc struct
--
https://patchwork.kernel.org/project/linux-wireless/patch/20231017-wilc1000_tx_oops-v3-1-b2155f1f7bee@xxxxxxxxxxx/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches