diff options
| author | Gustavo A. R. Silva <gustavoars@kernel.org> | 2024-10-26 00:05:50 +0200 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2024-10-26 00:42:49 +0200 |
| commit | cf44e745048df2c935cb37de16e0ca476003a3b1 (patch) | |
| tree | 48fcdeb387220cc638a73a466e531ccf07bbc138 /net/mac80211/ieee80211_i.h | |
| parent | wifi: iwlwifi: mvm: fix 6 GHz scan construction (diff) | |
| download | linux-cf44e745048df2c935cb37de16e0ca476003a3b1.tar.xz linux-cf44e745048df2c935cb37de16e0ca476003a3b1.zip | |
wifi: mac80211: ieee80211_i: Fix memory corruption bug in struct ieee80211_chanctx
Move the `struct ieee80211_chanctx_conf conf` to the end of
`struct ieee80211_chanctx` and fix a memory corruption bug
triggered e.g. in `hwsim_set_chanctx_magic()`: `radar_detected`
is being overwritten when `cp->magic = HWSIM_CHANCTX_MAGIC;`
See the function call sequence below:
drv_add_chanctx(... struct ieee80211_chanctx *ctx) ->
local->ops->add_chanctx(&local->hw, &ctx->conf) ->
mac80211_hwsim_add_chanctx(... struct ieee80211_chanctx_conf *ctx) ->
hwsim_set_chanctx_magic(ctx)
This also happens in a number of other drivers.
Also, add a code comment to try to prevent people from introducing
new members after `struct ieee80211_chanctx_conf conf`. Notice that
`struct ieee80211_chanctx_conf` is a flexible structure --a structure
that contains a flexible-array member, so it should always be at
the end of any other containing structures.
This change also fixes 50 of the following warnings:
net/mac80211/ieee80211_i.h:895:39: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are
getting ready to enable it, globally.
Fixes: bca8bc0399ac ("wifi: mac80211: handle ieee80211_radar_detected() for MLO")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://patch.msgid.link/ZxwWPrncTeSi1UTq@kspp
[also refer to other drivers in commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to '')
| -rw-r--r-- | net/mac80211/ieee80211_i.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 04fec7e516cf..3d3c9139ff5e 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -892,9 +892,10 @@ struct ieee80211_chanctx { /* temporary data for search algorithm etc. */ struct ieee80211_chan_req req; - struct ieee80211_chanctx_conf conf; - bool radar_detected; + + /* MUST be last - ends in a flexible-array member. */ + struct ieee80211_chanctx_conf conf; }; struct mac80211_qos_map { |