Nicolas Boichat <drinkcat@xxxxxxxxxxxx> writes: > On Wed, Apr 3, 2019 at 3:01 AM Wen Gong <wgong@xxxxxxxxxxxxxx> wrote: >> >> For some SDIO chip, the peer id is 65535 for MPDU with error status, >> then test_bit will trigger buffer overflow for peer's memory, if kasan >> enabled, it will report error. >> >> Add check for overflow the size of peer's peer_ids will avoid the buffer >> overflow access. >> [...] >> --- a/drivers/net/wireless/ath/ath10k/txrx.c >> +++ b/drivers/net/wireless/ath/ath10k/txrx.c >> @@ -157,6 +157,9 @@ struct ath10k_peer *ath10k_peer_find_by_id(struct ath10k *ar, int peer_id) >> { >> struct ath10k_peer *peer; >> >> + if (peer_id >= sizeof(peer->peer_ids) * BITS_PER_BYTE) > > I'd use >= BITS_PER_TYPE(peer->peer_ids). Nice, I didn't know about that. Wen, please submit v2 using this. -- Kalle Valo
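Review bot: In the added guard at the top of ath10k_peer_find_by_id(), `peer_id` is a signed `int` while `sizeof(peer->peer_ids) * BITS_PER_BYTE` is an unsigned `size_t`, so negative ids are rejected only through the implicit conversion to unsigned. That happens to be the safe outcome, but it should be stated in a comment or made explicit with a `peer_id < 0` test, and it should be kept in mind when switching to `BITS_PER_TYPE(peer->peer_ids)` as suggested in the reply. A one-line comment above the check noting that some SDIO chips report peer id 65535 for MPDUs with error status (as the commit message says) would also tell later readers that an out-of-range id is an expected input here, not a caller bug.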