[lvc-project] [PATCH] wifi: brcmfmac: Fix allocation size
Arend van Spriel
arend.vanspriel at broadcom.com
Tue Jan 17 16:56:53 MSK 2023
On 1/17/2023 12:54 PM, Alexey V. Vissarionov wrote:
> On 2023-01-17 12:13:06 +0100, Simon Horman wrote:
>
> >> buf_size = sizeof(*rfi);
> >> max_idx = reorder_data[BRCMF_RXREORDER_MAXIDX_OFFSET];
> >> - buf_size += (max_idx + 1) * sizeof(pkt);
> >> + buf_size += (max_idx + 1) * sizeof(struct sk_buff);
>
> > This is followed by:
> > rfi = kzalloc(buf_size, GFP_ATOMIC);
> > ...
> > rfi->pktslots = (struct sk_buff **)(rfi + 1);
> > The type of rfi is struct brcmf_ampdu_rx_reorder, which
> > looks like this:
> > struct brcmf_ampdu_rx_reorder
> > { struct sk_buff **pktslots; ... };
> > And it looks to me that pkt is used as an array of
> > (struct sk_buff *).
> > So in all, it seems to me that the current code is correct.
>
> So, the buf_size is a sum of sizeof(struct brcmf_ampdu_rx_reorder)
> and size of array of pointers... and yes, this array is filled with
> pointers: rfi->pktslots[rfi->cur_idx] = pkt;
>
> Hmmm... looks correct. Sorry for bothering.
No problem. Nice to see the water went still without me chiming in. It
has been a while since this was added to the driver and there could be
issues with this code, but if this allocation was wrong we would have
had reports by now.
Thanks,
Arend
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4219 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://linuxtesting.org/pipermail/lvc-project/attachments/20230117/93caec73/attachment.bin>
More information about the lvc-project
mailing list