From patchwork Wed Dec 23 08:49:25 2020
X-Patchwork-Submitter: You-Sheng Yang
X-Patchwork-Id: 1419898
From: You-Sheng Yang
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 232/379][SRU][OEM-5.6] ath11k: fix KASAN warning of ath11k_qmi_wlanfw_wlan_cfg_send
Date: Wed, 23 Dec 2020 16:49:25 +0800
Message-Id: <20201223085152.554896-233-vicamo.yang@canonical.com>
In-Reply-To: <20201223085152.554896-1-vicamo.yang@canonical.com>
References: <20201223085152.554896-1-vicamo.yang@canonical.com>

From: Carl Huang

BugLink: https://bugs.launchpad.net/bugs/1879633

It's caused by reading memory out of boundary from target_ce_config_wlan.

Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2

Signed-off-by: Carl Huang
Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/1597389030-13887-10-git-send-email-kvalo@codeaurora.org (cherry picked from commit 6c809d04c542e24508c26102e6c7c5e2c967032d) Signed-off-by: You-Sheng Yang --- drivers/net/wireless/ath/ath11k/qmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c index 529886b1f068..12991a835b8b 100644 --- a/drivers/net/wireless/ath/ath11k/qmi.c +++ b/drivers/net/wireless/ath/ath11k/qmi.c @@ -2233,7 +2233,7 @@ static int ath11k_qmi_wlanfw_wlan_cfg_send(struct ath11k_base *ab) req->tgt_cfg_valid = 1; /* This is number of CE configs */ req->tgt_cfg_len = ab->qmi.ce_cfg.tgt_ce_len; - for (pipe_num = 0; pipe_num <= req->tgt_cfg_len ; pipe_num++) { + for (pipe_num = 0; pipe_num < req->tgt_cfg_len ; pipe_num++) { req->tgt_cfg[pipe_num].pipe_num = ce_cfg[pipe_num].pipenum; req->tgt_cfg[pipe_num].pipe_dir = ce_cfg[pipe_num].pipedir; req->tgt_cfg[pipe_num].nentries = ce_cfg[pipe_num].nentries;
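Review bot: The corrected bound in the for loop, pipe_num < req->tgt_cfg_len, stops the one-element over-read of ce_cfg[], but in the visible lines ab->qmi.ce_cfg.tgt_ce_len is still the only limit on writes into req->tgt_cfg[]. If no check outside this hunk guarantees that tgt_ce_len fits the destination, reject or clamp the length before the loop, for example by comparing it against ARRAY_SIZE(req->tgt_cfg), so that a larger CE table cannot overrun the request buffer. The commit message mentions only the out-of-bounds read from target_ce_config_wlan; the old <= bound also stored one extra entry into req->tgt_cfg[], which is worth stating for anyone triaging the KASAN report. Minor style point: the stray space before the semicolon in "req->tgt_cfg_len ;" is carried over from the original line and could be dropped while touching it.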