From 421033deb91521aa6a9255e495cb106741a52275 Mon Sep 17 00:00:00 2001 From: Paul Fertser Date: Mon, 5 Jun 2023 10:34:07 +0300 Subject: [PATCH 01/17] wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) On DBDC devices the first (internal) phy is only capable of using 2.4 GHz band, and the 5 GHz band is exposed via a separate phy object, so avoid the false advertising. Reported-by: Rani Hod Closes: https://github.com/openwrt/openwrt/pull/12361 Fixes: 7660a1bd0c22 ("mt76: mt7615: register ext_phy if DBDC is detected") Cc: stable@vger.kernel.org Signed-off-by: Paul Fertser Reviewed-by: Simon Horman Acked-by: Felix Fietkau Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230605073408.8699-1-fercerpav@gmail.com --- drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c b/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c index 68e88224b8b1..ccedea7e8a50 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c +++ b/drivers/net/wireless/mediatek/mt76/mt7615/eeprom.c @@ -128,12 +128,12 @@ mt7615_eeprom_parse_hw_band_cap(struct mt7615_dev *dev) case MT_EE_5GHZ: dev->mphy.cap.has_5ghz = true; break; - case MT_EE_2GHZ: - dev->mphy.cap.has_2ghz = true; - break; case MT_EE_DBDC: dev->dbdc_support = true; fallthrough; + case MT_EE_2GHZ: + dev->mphy.cap.has_2ghz = true; + break; default: dev->mphy.cap.has_2ghz = true; dev->mphy.cap.has_5ghz = true; From a2777be03236c00466326acba8d39ac4f9c3e971 Mon Sep 17 00:00:00 2001 From: Brian Norris Date: Fri, 21 Jul 2023 16:06:04 -0700 Subject: [PATCH 02/17] MAINTAINERS: Update mwifiex maintainer list We haven't heard anything from these folks in years. I've been reviewing many submissions and plan to keep doing so. Cc: Amitkumar Karwar Cc: Ganapathi Bhat Cc: Sharvari Harisangam Cc: Xinming Hu Signed-off-by: Brian Norris Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230721160603.1.Idf0e8025f59c62d73c08960638249b58cf215acc@changeid --- MAINTAINERS | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index dfbb271f1667..42e78a696be6 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12579,12 +12579,9 @@ F: Documentation/devicetree/bindings/net/marvell,pp2.yaml F: drivers/net/ethernet/marvell/mvpp2/ MARVELL MWIFIEX WIRELESS DRIVER -M: Amitkumar Karwar -M: Ganapathi Bhat -M: Sharvari Harisangam -M: Xinming Hu +M: Brian Norris L: linux-wireless@vger.kernel.org -S: Maintained +S: Odd Fixes F: drivers/net/wireless/marvell/mwifiex/ MARVELL MWL8K WIRELESS DRIVER From d265ebe41c911314bd273c218a37088835959fa1 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Thu, 20 Jul 2023 18:14:44 +0300 Subject: [PATCH 03/17] Revert "wifi: ath11k: Enable threaded NAPI" This reverts commit 13aa2fb692d3717767303817f35b3e650109add3. This commit broke QCN9074 initialisation: [ 358.960477] ath11k_pci 0000:04:00.0: ce desc not available for wmi command 36866 [ 358.960481] ath11k_pci 0000:04:00.0: failed to send WMI_STA_POWERSAVE_PARAM_CMDID [ 358.960484] ath11k_pci 0000:04:00.0: could not set uapsd params -105 As there's no fix available let's just revert it to get QCN9074 working again. Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217536 Signed-off-by: Kalle Valo Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230720151444.2016637-1-kvalo@kernel.org --- drivers/net/wireless/ath/ath11k/ahb.c | 1 - drivers/net/wireless/ath/ath11k/pcic.c | 1 - 2 files changed, 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath11k/ahb.c b/drivers/net/wireless/ath/ath11k/ahb.c index 1cebba7889d7..139da578831a 100644 --- a/drivers/net/wireless/ath/ath11k/ahb.c +++ b/drivers/net/wireless/ath/ath11k/ahb.c @@ -376,7 +376,6 @@ static void ath11k_ahb_ext_irq_enable(struct ath11k_base *ab) struct ath11k_ext_irq_grp *irq_grp = &ab->ext_irq_grp[i]; if (!irq_grp->napi_enabled) { - dev_set_threaded(&irq_grp->napi_ndev, true); napi_enable(&irq_grp->napi); irq_grp->napi_enabled = true; } diff --git a/drivers/net/wireless/ath/ath11k/pcic.c b/drivers/net/wireless/ath/ath11k/pcic.c index c899616fbee4..c63083633b37 100644 --- a/drivers/net/wireless/ath/ath11k/pcic.c +++ b/drivers/net/wireless/ath/ath11k/pcic.c @@ -466,7 +466,6 @@ void ath11k_pcic_ext_irq_enable(struct ath11k_base *ab) struct ath11k_ext_irq_grp *irq_grp = &ab->ext_irq_grp[i]; if (!irq_grp->napi_enabled) { - dev_set_threaded(&irq_grp->napi_ndev, true); napi_enable(&irq_grp->napi); irq_grp->napi_enabled = true; } From fd7f08d92fcd7cc3eca0dd6c853f722a4c6176df Mon Sep 17 00:00:00 2001 From: Ilan Peer Date: Sun, 23 Jul 2023 23:10:43 +0300 Subject: [PATCH 04/17] wifi: cfg80211: Fix return value in scan logic The reporter noticed a warning when running iwlwifi: WARNING: CPU: 8 PID: 659 at mm/page_alloc.c:4453 __alloc_pages+0x329/0x340 As cfg80211_parse_colocated_ap() is not expected to return a negative value return 0 and not a negative value if cfg80211_calc_short_ssid() fails. Fixes: c8cb5b854b40f ("nl80211/cfg80211: support 6 GHz scanning") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217675 Signed-off-by: Ilan Peer Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230723201043.3007430-1-ilan.peer@intel.com --- net/wireless/scan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 8bf00caf5d29..0cf1ce7b6934 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -657,7 +657,7 @@ static int cfg80211_parse_colocated_ap(const struct cfg80211_bss_ies *ies, ret = cfg80211_calc_short_ssid(ies, &ssid_elem, &s_ssid_tmp); if (ret) - return ret; + return 0; for_each_element_id(elem, WLAN_EID_REDUCED_NEIGHBOR_REPORT, ies->data, ies->len) { From a1ce186db7f0e449f35d12fb55ae0da2a1b400e2 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:08:23 +0300 Subject: [PATCH 05/17] Revert "wifi: ath6k: silence false positive -Wno-dangling-pointer warning on GCC 12" This reverts commit bd1d129daa3ede265a880e2c6a7f91eab0f4dc62. The dangling-pointer warnings were disabled kernel-wide by commit 49beadbd47c2 ("gcc-12: disable '-Wdangling-pointer' warning for now") for v5.19. So this hack in ath6kl is not needed anymore. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724100823.2948804-1-kvalo@kernel.org --- drivers/net/wireless/ath/ath6kl/Makefile | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/net/wireless/ath/ath6kl/Makefile b/drivers/net/wireless/ath/ath6kl/Makefile index a75bfa9fd1cf..dc2b3b46781e 100644 --- a/drivers/net/wireless/ath/ath6kl/Makefile +++ b/drivers/net/wireless/ath/ath6kl/Makefile @@ -36,11 +36,6 @@ ath6kl_core-y += wmi.o ath6kl_core-y += core.o ath6kl_core-y += recovery.o -# FIXME: temporarily silence -Wdangling-pointer on non W=1+ builds -ifndef KBUILD_EXTRA_WARN -CFLAGS_htc_mbox.o += $(call cc-disable-warning, dangling-pointer) -endif - ath6kl_core-$(CONFIG_NL80211_TESTMODE) += testmode.o ath6kl_core-$(CONFIG_ATH6KL_TRACING) += trace.o From 96839282edc28996809b2101afef8ae971b9dad7 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:39 +0300 Subject: [PATCH 06/17] MAINTAINERS: wifi: rtw88: change Ping as the maintainer Yan-Hsuan has been away since 2021 and Ping has been the de facto maintainer the past year, actively reviewing patches and doing all other maintainer duties. So fix the MAINTAINERS file to show the current situation. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-2-kvalo@kernel.org --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 42e78a696be6..58b399c7fb5e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -17969,7 +17969,7 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.g F: drivers/net/wireless/realtek/rtlwifi/ REALTEK WIRELESS DRIVER (rtw88) -M: Yan-Hsuan Chuang +M: Ping-Ke Shih L: linux-wireless@vger.kernel.org S: Maintained F: drivers/net/wireless/realtek/rtw88/ From 25700d4916fefd27f83b933149c4da3d32db8585 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:40 +0300 Subject: [PATCH 07/17] MAINTAINERS: wifi: atmel: mark as orphan Last activity from Simon is from 2005 so mark the driver is orphan. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-3-kvalo@kernel.org --- MAINTAINERS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 58b399c7fb5e..35de04265644 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3260,9 +3260,8 @@ F: Documentation/devicetree/bindings/input/atmel,maxtouch.yaml F: drivers/input/touchscreen/atmel_mxt_ts.c ATMEL WIRELESS DRIVER -M: Simon Kelley L: linux-wireless@vger.kernel.org -S: Maintained +S: Orphan W: http://www.thekelleys.org.uk/atmel W: http://atmelwlandriver.sourceforge.net/ F: drivers/net/wireless/atmel/atmel* From 74b81eac2dda55584aa6102feb920142ab08721a Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:41 +0300 Subject: [PATCH 08/17] MAINTAINERS: wifi: mark cw1200 as orphan Last activity from Solomon is from 2013 so mark the driver orphan. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-4-kvalo@kernel.org --- MAINTAINERS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 35de04265644..fc3c83c42efb 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -5451,8 +5451,7 @@ F: Documentation/devicetree/bindings/net/can/ctu,ctucanfd.yaml F: drivers/net/can/ctucanfd/ CW1200 WLAN driver -M: Solomon Peachy -S: Maintained +S: Orphan F: drivers/net/wireless/st/cw1200/ CX18 VIDEO4LINUX DRIVER From e76983151dc66717e43c2a77abcfdb36318d2255 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:42 +0300 Subject: [PATCH 09/17] MAINTAINERS: wifi: mark ar5523 as orphan Last activity from Pontus for this driver is from 2013 so mark the driver orphan. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-5-kvalo@kernel.org --- MAINTAINERS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index fc3c83c42efb..3792e3de4822 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -21884,9 +21884,8 @@ S: Maintained F: drivers/usb/misc/apple-mfi-fastcharge.c USB AR5523 WIRELESS DRIVER -M: Pontus Fuchs L: linux-wireless@vger.kernel.org -S: Maintained +S: Orphan F: drivers/net/wireless/ath/ar5523/ USB ATTACHED SCSI From bc5dee3ce7c06d2c3d7a3b135a24f85de45a8362 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:43 +0300 Subject: [PATCH 10/17] MAINTAINERS: wifi: mark rndis_wlan as orphan Last activity from Jussi for this driver is from 2013 so mark the driver orphan. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-6-kvalo@kernel.org --- MAINTAINERS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 3792e3de4822..3d890a82149a 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -22162,9 +22162,8 @@ F: drivers/usb/gadget/legacy/webcam.c F: include/uapi/linux/usb/g_uvc.h USB WIRELESS RNDIS DRIVER (rndis_wlan) -M: Jussi Kivilinna L: linux-wireless@vger.kernel.org -S: Maintained +S: Orphan F: drivers/net/wireless/legacy/rndis_wlan.c USB XHCI DRIVER From 0566ec90515c50352442db467d2a8c8950d35dc9 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:44 +0300 Subject: [PATCH 11/17] MAINTAINERS: wifi: mark wl3501 as orphan There's no maintainer for this driver so mark it as orphan. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-7-kvalo@kernel.org --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 3d890a82149a..9ad555da5e36 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -22938,7 +22938,7 @@ F: drivers/input/misc/wistron_btns.c WL3501 WIRELESS PCMCIA CARD DRIVER L: linux-wireless@vger.kernel.org -S: Odd fixes +S: Orphan F: drivers/net/wireless/legacy/wl3501* WMI BINARY MOF DRIVER From c1e0a70de12dea642c696a81fd1104f5377fb203 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:45 +0300 Subject: [PATCH 12/17] MAINTAINERS: wifi: mark zd1211rw as orphan Last activity from Ulrich is from 2007 so mark the driver orphan. Remove the zd1211-devs list, I doubt anyone uses it anymore. The webpage seems to be down so remove that as well. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-8-kvalo@kernel.org --- MAINTAINERS | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 9ad555da5e36..2f988aa03f2e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -23509,11 +23509,8 @@ S: Maintained F: mm/zbud.c ZD1211RW WIRELESS DRIVER -M: Ulrich Kunitz L: linux-wireless@vger.kernel.org -L: zd1211-devs@lists.sourceforge.net (subscribers-only) -S: Maintained -W: http://zd1211.ath.cx/wiki/DriverRewrite +S: Orphan F: drivers/net/wireless/zydas/zd1211rw/ ZD1301 MEDIA DRIVER From 3ccbc99c152fded21ff3661d7685095e14065e96 Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:46 +0300 Subject: [PATCH 13/17] MAINTAINERS: wifi: mark b43 as orphan There's no maintainer for b43 so mark it as orphan. Signed-off-by: Kalle Valo Acked-by: Larry Finger Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-9-kvalo@kernel.org --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 2f988aa03f2e..eccc3794e6e2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3391,7 +3391,7 @@ F: drivers/media/radio/radio-aztech* B43 WIRELESS DRIVER L: linux-wireless@vger.kernel.org L: b43-dev@lists.infradead.org -S: Odd Fixes +S: Orphan W: https://wireless.wiki.kernel.org/en/users/Drivers/b43 F: drivers/net/wireless/broadcom/b43/ From cc326aae03c37d393e8dfba950caa33493dcdfad Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Mon, 24 Jul 2023 13:45:47 +0300 Subject: [PATCH 14/17] MAINTAINERS: wifi: mark mlw8k as orphan Last activity from Lennert is from 2012 so mark the driver as orphan. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230724104547.3061709-10-kvalo@kernel.org --- MAINTAINERS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index eccc3794e6e2..ab9a31f4954c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12583,9 +12583,8 @@ S: Odd Fixes F: drivers/net/wireless/marvell/mwifiex/ MARVELL MWL8K WIRELESS DRIVER -M: Lennert Buytenhek L: linux-wireless@vger.kernel.org -S: Odd Fixes +S: Orphan F: drivers/net/wireless/marvell/mwl8k.c MARVELL NAND CONTROLLER DRIVER From 456b5e85d8a56e5563573b10e0840c7ae59373da Mon Sep 17 00:00:00 2001 From: Kalle Valo Date: Tue, 25 Jul 2023 12:42:48 +0300 Subject: [PATCH 15/17] MAINTAINERS: add Jeff as ath10k, ath11k and ath12k maintainer Jeff will now start maintaining these drivers together with me. Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230725094248.3205486-1-kvalo@kernel.org --- MAINTAINERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index ab9a31f4954c..71edae152e3a 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -17430,6 +17430,7 @@ F: drivers/media/tuners/qt1010* QUALCOMM ATH12K WIRELESS DRIVER M: Kalle Valo +M: Jeff Johnson L: ath12k@lists.infradead.org S: Supported T: git git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git @@ -17437,6 +17438,7 @@ F: drivers/net/wireless/ath/ath12k/ QUALCOMM ATHEROS ATH10K WIRELESS DRIVER M: Kalle Valo +M: Jeff Johnson L: ath10k@lists.infradead.org S: Supported W: https://wireless.wiki.kernel.org/en/users/Drivers/ath10k @@ -17446,6 +17448,7 @@ F: drivers/net/wireless/ath/ath10k/ QUALCOMM ATHEROS ATH11K WIRELESS DRIVER M: Kalle Valo +M: Jeff Johnson L: ath11k@lists.infradead.org S: Supported W: https://wireless.wiki.kernel.org/en/users/Drivers/ath11k From 1d7dd5aa35474e553b8671b58579e0749b560779 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Fri, 28 Jul 2023 16:13:02 -0700 Subject: [PATCH 16/17] wifi: ray_cs: Replace 1-element array with flexible array MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The trailing array member of struct tx_buf was defined as a 1-element array, but used as a flexible array. This was resulting in build warnings: In function 'fortify_memset_chk', inlined from 'memset_io' at /kisskb/src/arch/mips/include/asm/io.h:486:2, inlined from 'build_auth_frame' at /kisskb/src/drivers/net/wireless/legacy/ray_cs.c:2697:2: /kisskb/src/include/linux/fortify-string.h:493:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] 493 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Replace it with an actual flexible array. Binary difference comparison shows a single change in output: │ drivers/net/wireless/legacy/ray_cs.c:883 │ lea 0x1c(%rbp),%r13d │ - cmp $0x7c3,%r13d │ + cmp $0x7c4,%r13d This is from: if (len + TX_HEADER_LENGTH > TX_BUF_SIZE) { specifically: #define TX_BUF_SIZE (2048 - sizeof(struct tx_msg)) This appears to have been originally buggy, so the change is correct. Reported-by: Geert Uytterhoeven Closes: https://lore.kernel.org/all/88f83d73-781d-bdc-126-aa629cb368c@linux-m68k.org Cc: Kalle Valo Cc: linux-wireless@vger.kernel.org Signed-off-by: Kees Cook Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230728231245.never.309-kees@kernel.org --- drivers/net/wireless/legacy/rayctl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/legacy/rayctl.h b/drivers/net/wireless/legacy/rayctl.h index 2b0f332043d7..1f3bde8ac73d 100644 --- a/drivers/net/wireless/legacy/rayctl.h +++ b/drivers/net/wireless/legacy/rayctl.h @@ -577,7 +577,7 @@ struct tx_msg { struct tib_structure tib; struct phy_header phy; struct mac_header mac; - UCHAR var[1]; + UCHAR var[]; }; /****** ECF Receive Control Structure (RCS) Area at Shared RAM offset 0x0800 */ From 16e455a465fca91907af0108f3d013150386df30 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Sat, 29 Jul 2023 16:05:00 +0200 Subject: [PATCH 17/17] wifi: brcmfmac: Fix field-spanning write in brcmf_scan_params_v2_to_v1() Using brcmfmac with 6.5-rc3 on a brcmfmac43241b4-sdio triggers a backtrace caused by the following field-spanning warning: memcpy: detected field-spanning write (size 120) of single field "¶ms_le->channel_list[0]" at drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1072 (size 2) The driver still works after this warning. The warning was introduced by the new field-spanning write checks which were enabled recently. Fix this by replacing the channel_list[1] declaration at the end of the struct with a flexible array declaration. Most users of struct brcmf_scan_params_le calculate the size to alloc using the size of the non flex-array part of the struct + needed extra space, so they do not care about sizeof(struct brcmf_scan_params_le). brcmf_notify_escan_complete() however uses the struct on the stack, expecting there to be room for at least 1 entry in the channel-list to store the special -1 abort channel-id. To make this work use an anonymous union with a padding member added + the actual channel_list flexible array. Cc: Kees Cook Signed-off-by: Hans de Goede Reviewed-by: Kees Cook Reviewed-by: Franky Lin Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20230729140500.27892-1-hdegoede@redhat.com --- .../net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h index 792adaf880b4..bece26741d3a 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h @@ -398,7 +398,12 @@ struct brcmf_scan_params_le { * fixed parameter portion is assumed, otherwise * ssid in the fixed portion is ignored */ - __le16 channel_list[1]; /* list of chanspecs */ + union { + __le16 padding; /* Reserve space for at least 1 entry for abort + * which uses an on stack brcmf_scan_params_le + */ + DECLARE_FLEX_ARRAY(__le16, channel_list); /* chanspecs */ + }; }; struct brcmf_scan_params_v2_le {