Re: rtlwifi: rtl8192c_common: "BUG: KASAN: slab-out-of-bounds"

From: Larry Finger
Date: Tue Feb 07 2017 - 19:53:30 EST


On 02/07/2017 10:45 AM, Tobias Guggenmos wrote:
> On Monday, 6 February 2017, 09:45:31 CET, Larry Finger wrote:
>> On 02/06/2017 04:29 AM, Johannes Berg wrote:
>>> On Sat, 2017-02-04 at 12:41 -0600, Larry Finger wrote:
>>>> On 02/04/2017 10:58 AM, Dmitry Osipenko wrote:
>>>>> Seems the problem is caused by rtl92c_dm_*() casting .priv to
>>>>> "struct rtl_pci_priv", while it is "struct rtl_usb_priv".
>>>>
>>>> Those routines are shared by rtl8192ce and rtl8192cu, thus we need to
>>>> make that difference in cast to be immaterial. I think we need to move
>>>> "struct bt_coexist_info" to the beginning of both rtl_pci_priv and
>>>> rtl_usb_priv. Then it should not matter.
>>>
>>> I think you really should consider putting a struct rtl_common into
>>> that or something, and getting rid of all the casting that causes this
>>> problem to start with?
>>
>> The fix you suggest is prepared and will be submitted soon. As it is much
>> more invasive with ~150 insertions and ~160 deletions, I decided not to
>> have it be the one that is pushed to all stable kernels from 4.0 onward.
>>
>> Larry
>
> This is possibly related to the following Fedora Bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1391987

This bug is unlikely to be the cause of that problem. In fact, this bug only affects rtl8192cu, not rtl8192ce. The RedHat problem is more likely caused by the not-yet-merged patch entitled "rtlwifi: rtl8192ce: Fix loading of incorrect firmware".

Larry
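
The layout problem discussed in this thread, as an added example that is not code from the thread or from the rtlwifi driver: it shows why locating a shared member through the wrong private-area layout reads past a smaller allocation, and why placing that member first in both layouts keeps the access in bounds. The structs below are constructed stand-ins; their field names and sizes are assumptions, not the driver's definitions.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-ins; field names and sizes are NOT the rtlwifi definitions. */
struct bt_coexist_info { int bt_coexistence; int bt_ant_num; };
struct pci_state { char data[64]; };  /* hypothetical PCI-only data */
struct usb_state { char data[16]; };  /* hypothetical USB-only data */

/* Before: the shared member follows bus-specific data of different size. */
struct pci_priv_before { struct pci_state dev; struct bt_coexist_info bt; };
struct usb_priv_before { struct usb_state dev; struct bt_coexist_info bt; };

/* After: the shared member is first, so it sits at offset 0 in both. */
struct pci_priv_after { struct bt_coexist_info bt; struct pci_state dev; };
struct usb_priv_after { struct bt_coexist_info bt; struct usb_state dev; };

/* Bytes past the end of a USB-sized allocation that a routine touches when
 * it locates bt using the PCI layout (0 means the access stays in bounds). */
#define OVERRUN(pci_t, usb_t) \
    (offsetof(pci_t, bt) + sizeof(struct bt_coexist_info) > sizeof(usb_t) \
     ? offsetof(pci_t, bt) + sizeof(struct bt_coexist_info) - sizeof(usb_t) : 0)

size_t overrun_before(void) { return OVERRUN(struct pci_priv_before, struct usb_priv_before); }
size_t overrun_after(void)  { return OVERRUN(struct pci_priv_after,  struct usb_priv_after); }

/* Shared routine for the "after" layouts: a pointer to a struct also points
 * to its first member, so no bus-specific cast is needed. */
int shared_read_ant_num(void *priv)
{
    struct bt_coexist_info *bt = priv;
    return bt->bt_ant_num;
}

/* Allocate a USB-sized private area and read it through the shared routine. */
int usb_roundtrip(int ant_num)
{
    struct usb_priv_after *p = calloc(1, sizeof(*p));
    int seen;

    if (!p)
        return -1;
    p->bt.bt_ant_num = ant_num;
    seen = shared_read_ant_num(p);
    free(p);
    return seen;
}
```

A non-zero result from `overrun_before()` corresponds to the kind of access KASAN flags as slab-out-of-bounds; `overrun_after()` is zero because both layouts agree on where the shared member lives.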