> From: David Lin <yu-hao.lin@xxxxxxx>
> Sent: Monday, March 18, 2024 10:04 AM
> To: Brian Norris <briannorris@xxxxxxxxxxxx>
> Cc: linux-wireless@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> kvalo@xxxxxxxxxx; francesco@xxxxxxxxxx; Pete Hsieh
> <tsung-hsien.hsieh@xxxxxxx>; Francesco Dolcini
> <francesco.dolcini@xxxxxxxxxxx>
> Subject: RE: [EXT] Re: [PATCH v9 2/2] wifi: mwifiex: add host mlme for AP
> mode
> >
> > From: Brian Norris <briannorris@xxxxxxxxxxxx>
> > Sent: Saturday, March 16, 2024 8:45 AM
> > To: David Lin <yu-hao.lin@xxxxxxx>
> > Cc: linux-wireless@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> > kvalo@xxxxxxxxxx; francesco@xxxxxxxxxx; Pete Hsieh
> > <tsung-hsien.hsieh@xxxxxxx>; Francesco Dolcini
> > <francesco.dolcini@xxxxxxxxxxx>
> > Subject: [EXT] Re: [PATCH v9 2/2] wifi: mwifiex: add host mlme for AP
> > mode
> >
> > Caution: This is an external email. Please take care when clicking
> > links or opening attachments. When in doubt, report the message using
> > the 'Report this email' button
> >
> >
> > On Wed, Mar 06, 2024 at 10:00:53AM +0800, David Lin wrote:
> > > Add host based MLME to enable WPA3 functionalities in AP mode.
> > > This feature required a firmware with the corresponding V2 Key API
> > > support. The feature (WPA3) is currently enabled and verified only
> > > on IW416. Also, verified no regression with change when host MLME is
> > > disabled.
> > >
> > > Signed-off-by: David Lin <yu-hao.lin@xxxxxxx>
> > > Reviewed-by: Francesco Dolcini <francesco.dolcini@xxxxxxxxxxx>
> >
> > Quick pass for now; nothing jumps out at me today, but I'll give a
> > better look/Ack next week:
> >
> > > --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> > > +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
> >
> >
> > > @@ -3951,12 +3974,43 @@
> > mwifiex_cfg80211_tdls_cancel_chan_switch(struct wiphy *wiphy,
> > > }
> > > }
> > >
> > > +static int
> > > +mwifiex_cfg80211_uap_add_station(struct mwifiex_private *priv,
> > > +const u8
> > *mac,
> > > + struct station_parameters *params) {
> > > + struct mwifiex_sta_info add_sta;
> > > + int ret;
> > > +
> > > + memcpy(add_sta.peer_mac, mac, ETH_ALEN);
> > > + add_sta.params = params;
> > > +
> > > + ret = mwifiex_send_cmd(priv, HostCmd_CMD_ADD_NEW_STATION,
> > > + HostCmd_ACT_ADD_STA, 0, (void
> > *)&add_sta,
> > > + true);
> > > +
> > > + if (!ret) {
> > > + struct station_info *sinfo;
> > > +
> > > + sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
> >
> > Couldn't this just be stack allocation?
> >
> > struct staion_info sinfo;
> >
> > cfg80211_new_sta(priv->netdev, mac, &sinfo,
> > GFP_KERNEL);
> >
> > I'm not sure you need to kzalloc() something here, if you're freeing
> > it a few lines later.
> >
>
> Will modify it in patch v10.
>
This modification will let stack overflow. Patch v10 will keep original code.
> >
> > > + if (!sinfo)
> > > + return -ENOMEM;
> > > +
> > > + cfg80211_new_sta(priv->netdev, mac, sinfo,
> GFP_KERNEL);
> > > + kfree(sinfo);
> > > + }
> > > +
> > > + return ret;
> > > +}
> >
> > Brian
