review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Arnd Bergmann <arnd@arndb.de>
	Fri, 23 Jun 2023 15:24:00 +0000 (17:24 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 13 Sep 2023 07:42:34 +0000 (09:42 +0200)
commit	7930fa4ca871d17e55b15825d335bf353c1acfdf
tree	2bc6984cd401479753505076da0345447295c66a	tree \| snapshot
parent	4381d6083254bdef420a660dc8c41dea7f7d3f88	commit \| diff

mac80211: make ieee80211_tx_info padding explicit

[ Upstream commit a7a2ef0c4b3efbd7d6f3fabd87dbbc0b3f2de5af ]

While looking at a bug, I got rather confused by the layout of the
'status' field in ieee80211_tx_info. Apparently, the intention is that
status_driver_data[] is used for driver specific data, and fills up the
size of the union to 40 bytes, just like the other ones.

This is indeed what actually happens, but only because of the
combination of two mistakes:

- "void *status_driver_data[18 / sizeof(void *)];" is intended
   to be 18 bytes long but is actually two bytes shorter because of
   rounding-down in the division, to a multiple of the pointer
   size (4 bytes or 8 bytes).

- The other fields combined are intended to be 22 bytes long, but
   are actually 24 bytes because of padding in front of the
   unaligned tx_time member, and in front of the pointer array.

The two mistakes cancel out. so the size ends up fine, but it seems
more helpful to make this explicit, by having a multiple of 8 bytes
in the size calculation and explicitly describing the padding.

Fixes: ea5907db2a9cc ("mac80211: fix struct ieee80211_tx_info size")
Fixes: 02219b3abca59 ("mac80211: add WMM admission control support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230623152443.2296825-2-arnd@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>