On 1/17/2023 12:54 PM, Alexey V. Vissarionov wrote:
On 2023-01-17 12:13:06 +0100, Simon Horman wrote:
>> buf_size = sizeof(*rfi);
>> max_idx = reorder_data[BRCMF_RXREORDER_MAXIDX_OFFSET];
>> - buf_size += (max_idx + 1) * sizeof(pkt);
>> + buf_size += (max_idx + 1) * sizeof(struct sk_buff);
> This is followed by:
> rfi = kzalloc(buf_size, GFP_ATOMIC);
> ...
> rfi->pktslots = (struct sk_buff **)(rfi + 1);
> The type of rfi is struct brcmf_ampdu_rx_reorder, which
> looks like this:
> struct brcmf_ampdu_rx_reorder
> { struct sk_buff **pktslots; ... };
> And it looks to me that pkt is used as an array of
> (struct sk_buff *).
> So in all, it seems to me that the current code is correct.
So, the buf_size is a sum of sizeof(struct brcmf_ampdu_rx_reorder)
and size of array of pointers... and yes, this array is filled with
pointers: rfi->pktslots[rfi->cur_idx] = pkt;
Hmmm... looks correct. Sorry for bothering.
No problem. Nice to see the water went still without me chiming in. It has been a while since this was added to the driver and there could be issues with this code, but if this allocation was wrong we would have had reports by now.
Thanks, Arend
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
