This is a note to let you know that I've just added the patch titled

    wifi: cfg80211: sme: init n_channels before channels[] access

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     wifi-cfg80211-sme-init-n_channels-before-channels-ac.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

commit 7931f13598a9f2fa0a877b44346744cac60dc2e7
Author: Haoyu Li <lihaoyu499@xxxxxxxxx>
Date:   Tue Dec 3 23:20:49 2024 +0800

    wifi: cfg80211: sme: init n_channels before channels[] access

    [ Upstream commit f1d3334d604cc32db63f6e2b3283011e02294e54 ]

    With the __counted_by annotation in cfg80211_scan_request struct,
    the "n_channels" struct member must be set before accessing the
    "channels" array. Failing to do so will trigger a runtime warning
    when enabling CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE.

    Fixes: e3eac9f32ec0 ("wifi: cfg80211: Annotate struct cfg80211_scan_request with __counted_by")
    Signed-off-by: Haoyu Li <lihaoyu499@xxxxxxxxx>
    Link: https://patch.msgid.link/20241203152049.348806-1-lihaoyu499@xxxxxxxxx
    Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/wireless/sme.c b/net/wireless/sme.c index 591cda99d72f..70881782c25c 100644 --- a/net/wireless/sme.c +++ b/net/wireless/sme.c @@ -83,6 +83,7 @@ static int cfg80211_conn_scan(struct wireless_dev *wdev) if (!request) return -ENOMEM; + request->n_channels = n_channels; if (wdev->conn->params.channel) { enum nl80211_band band = wdev->conn->params.channel->band; struct ieee80211_supported_band *sband =
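
Review bot: The added "request->n_channels = n_channels;" right after the -ENOMEM check has no comment saying why it must precede any channels[] access, so a later cleanup could move or drop it as a redundant-looking store. A one-line comment stating that n_channels is the __counted_by bound for channels[] would keep the ordering intact. It is also worth confirming that the n_channels local is the same count that sized the allocation guarded by "if (!request)", and that the "wdev->conn->params.channel" branch that follows only indexes within that count, since neither is visible in this hunk's context.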