According to 'ath12k_reg_update_chan_list()', annotate flexible array member 'channel' of 'struct ath12k_wmi_scan_chan_list_arg' with '__counted_by()' attribute to improve runtime bounds checking when CONFIG_UBSAN_BOUNDS is enabled. Compile tested only. Signed-off-by: Dmitry Antipov <dmantipov@xxxxxxxxx> --- v2: fix typo and add related comment in ath12k_reg_update_chan_list() --- drivers/net/wireless/ath/ath12k/reg.c | 3 +++ drivers/net/wireless/ath/ath12k/wmi.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/reg.c b/drivers/net/wireless/ath/ath12k/reg.c index 439d61f284d8..dbd6f0570498 100644 --- a/drivers/net/wireless/ath/ath12k/reg.c +++ b/drivers/net/wireless/ath/ath12k/reg.c @@ -131,6 +131,9 @@ int ath12k_reg_update_chan_list(struct ath12k *ar) return -ENOMEM; arg->pdev_id = ar->pdev->pdev_id; + /* Note nallchans should be set before populating channel[], + * otherwise __counted_by() might raise false positives. + */ arg->nallchans = num_channels; ch = arg->channel; diff --git a/drivers/net/wireless/ath/ath12k/wmi.h b/drivers/net/wireless/ath/ath12k/wmi.h index 6a913f9b8315..02b3d722a23b 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.h +++ b/drivers/net/wireless/ath/ath12k/wmi.h @@ -3746,7 +3746,7 @@ struct wmi_stop_scan_cmd { struct ath12k_wmi_scan_chan_list_arg { u32 pdev_id; u16 nallchans; - struct ath12k_wmi_channel_arg channel[]; + struct ath12k_wmi_channel_arg channel[] __counted_by(nallchans); }; struct wmi_scan_chan_list_cmd { -- 2.47.0