On Thu, Nov 14, 2013 at 03:02:54PM +0100, Johannes Berg wrote: > On Thu, 2013-11-14 at 06:05 -0800, Luis R. Rodriguez wrote: > > > > > -void regulatory_hint_country_ie(struct wiphy *wiphy, enum ieee80211_band band, > > > > +void regulatory_hint_country_ie(struct wireless_dev *wdev, > > > > + enum ieee80211_band band, > > > > const u8 *country_ie, u8 country_ie_len) > > > ... > > > > + request->wdev = wdev; > > > > > > > You have absolutely no validation of this pointer - the lifetime of the > > > request object and the wdev aren't necessarily the same. > > > > Agreed. > > > > > At least you should very carefully document that this pointer is a > > > cookie (if it really is) and must never be dereferenced. > > > > OK, I could also validate it upon processing but we'd need to loop > > over the rdev wdev list for the country IE hint, if that is acceptable > > upon procesing it'd be valid and we'd avoid corner case issues. > > Thoughts? > > As far as I can tell you already don't use it in any other way but a > cookie pointer, comparing while iterating the then-current list of > wdevs. I confirm. > But that's kinda unsafe. Might also be worth just making it a > void* to avoid people trying to use it. OK. I can see the cookie in theory race against the allocator releasing and creating a new wdev and it magically being the same pointer, but chances are really low of that. Luis -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
