On 11/4/2024 8:10 AM, Aleksei Vetrov wrote:
> Hello everyone,
>
> On Tue, Oct 29, 2024 at 01:22:11PM +0000, Aleksei Vetrov wrote:
>> The channels array in the cfg80211_scan_request has a __counted_by
>> attribute attached to it, which points to the n_channels variable. This
>> attribute is used in bounds checking, and if it is not set before the
>> array is filled, then the bounds sanitizer will issue a warning or a
>> kernel panic if CONFIG_UBSAN_TRAP is set.
>>
>> This patch sets the size of allocated memory as the initial value for
>> n_channels. It is updated with the actual number of added elements after
>> the array is filled.
>>
>> Fixes: aa4ec06c455d ("wifi: cfg80211: use __counted_by where appropriate")
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Aleksei Vetrov <vvvvvv@xxxxxxxxxx>
>> ---
>> Changes in v2:
>> - Added Fixes tag and added stable to CC
>> - Link to v1: https://lore.kernel.org/r/20241028-nl80211_parse_sched_scan-bounds-checker-fix-v1-1-bb640be0ebb7@xxxxxxxxxx
>
> I would really appreciate it if someone take a look at this single line
> patch. It looks like v2 of this patch has slipped through the cracks...
It has not slipped through the cracks, it is being tracked in patchwork:
https://patchwork.kernel.org/project/linux-wireless/patch/20241029-nl80211_parse_sched_scan-bounds-checker-fix-v2-1-c804b787341f@xxxxxxxxxx/
The wireless maintainers have a lot of work and it can take weeks to process
new patches.
Have patience,
/jeff
