git.openwrt.org Git - openwrt/openwrt.git/blob

   1 From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
   2 Date: Fri, 25 Oct 2024 16:05:50 -0600
   3 Subject: [PATCH] wifi: mac80211: ieee80211_i: Fix memory corruption bug in
   4  struct ieee80211_chanctx
   5
   6 Move the `struct ieee80211_chanctx_conf conf` to the end of
   7 `struct ieee80211_chanctx` and fix a memory corruption bug
   8 triggered e.g. in `hwsim_set_chanctx_magic()`: `radar_detected`
   9 is being overwritten when `cp->magic = HWSIM_CHANCTX_MAGIC;`
  10 See the function call sequence below:
  11
  12 drv_add_chanctx(... struct ieee80211_chanctx *ctx) ->
  13     local->ops->add_chanctx(&local->hw, &ctx->conf) ->
  14         mac80211_hwsim_add_chanctx(... struct ieee80211_chanctx_conf *ctx) ->
  15             hwsim_set_chanctx_magic(ctx)
  16
  17 This also happens in a number of other drivers.
  18
  19 Also, add a code comment to try to prevent people from introducing
  20 new members after `struct ieee80211_chanctx_conf conf`. Notice that
  21 `struct ieee80211_chanctx_conf` is a flexible structure --a structure
  22 that contains a flexible-array member, so it should always be at
  23 the end of any other containing structures.
  24
  25 This change also fixes 50 of the following warnings:
  26
  27 net/mac80211/ieee80211_i.h:895:39: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
  28
  29 -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
  30 getting ready to enable it, globally.
  31
  32 Fixes: bca8bc0399ac ("wifi: mac80211: handle ieee80211_radar_detected() for MLO")
  33 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
  34 Link: https://patch.msgid.link/ZxwWPrncTeSi1UTq@kspp
  35 [also refer to other drivers in commit message]
  36 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  37 ---
  38
  39 --- a/net/mac80211/ieee80211_i.h
  40 +++ b/net/mac80211/ieee80211_i.h
  41 @@ -894,9 +894,10 @@ struct ieee80211_chanctx {
  42         /* temporary data for search algorithm etc. */
  43         struct ieee80211_chan_req req;
  44
  45 -       struct ieee80211_chanctx_conf conf;
  46 -
  47         bool radar_detected;
  48 +
  49 +       /* MUST be last - ends in a flexible-array member. */
  50 +       struct ieee80211_chanctx_conf conf;
  51  };
  52
  53  struct mac80211_qos_map {