According to 'ath11k_ce_alloc_ring()', annotate flexible array member 'skb' of 'struct ath11k_ce_ring' with '__counted_by()' to improve runtime bounds checking when CONFIG_UBSAN_BOUNDS is enabled. Compile tested only. Signed-off-by: Dmitry Antipov <dmantipov@xxxxxxxxx> --- v2: add related comment in ath11k_ce_alloc_ring() --- drivers/net/wireless/ath/ath11k/ce.c | 3 +++ drivers/net/wireless/ath/ath11k/ce.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..56d616a8506a 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -620,6 +620,9 @@ ath11k_ce_alloc_ring(struct ath11k_base *ab, int nentries, int desc_sz) if (ce_ring == NULL) return ERR_PTR(-ENOMEM); + /* Note nentries should be set before populating skb[], + * otherwise __counted_by() might raise false positives. + */ ce_ring->nentries = nentries; ce_ring->nentries_mask = nentries - 1; diff --git a/drivers/net/wireless/ath/ath11k/ce.h b/drivers/net/wireless/ath/ath11k/ce.h index bcde2fcf02cf..9c54244970ce 100644 --- a/drivers/net/wireless/ath/ath11k/ce.h +++ b/drivers/net/wireless/ath/ath11k/ce.h @@ -162,7 +162,7 @@ struct ath11k_ce_ring { u32 hal_ring_id; /* keep last */ - struct sk_buff *skb[]; + struct sk_buff *skb[] __counted_by(nentries); }; struct ath11k_ce_pipe { -- 2.47.0