>>> #define WMI_MAX_PNO_SSID_NUM (16)
>>> @@ -3320,7 +3320,7 @@ struct wmi_set_link_monitor_cmd {
>>> u8 rssi_hyst;
>>> u8 reserved[12];
>>> u8 rssi_thresholds_list_size;
>>> - s8 rssi_thresholds_list[];
>>> + s8 rssi_thresholds_list[] __counted_by(rssi_thresholds_list_size);
>>> } __packed;
>>
>> this looks ok to me, although I think there is another issue associated with
>> this, namely the way the code populates the rssi_thresholds_list is by
>> defining a separate anonymous struct:
>> struct {
>> struct wmi_set_link_monitor_cmd cmd;
>> s8 rssi_thold;
>> } __packed cmd = {
>> .cmd = {
>> .rssi_hyst = rssi_hyst,
>> .rssi_thresholds_list_size = 1,
>> },
>> .rssi_thold = rssi_thold,
>> };
>>
>> I would expect gcc and clang to both complain about that s8 rssi_thold comes
>> after a flexible array (even though its purpose is to be the value of
>> rssi_thresholds_list[0])
>>
I will merge these two patches together:
https://lore.kernel.org/linux-hardening/ZgODZOB4fOBvKl7R@neat/
https://lore.kernel.org/linux-hardening/ZgOEoCWguq3n1OqQ@neat/
and send these changes together with the DEFINE_FLEX() transformation
in drivers/net/wireless/ath/wil6210/cfg80211.c
diff --git a/drivers/net/wireless/ath/wil6210/wmi.h b/drivers/net/wireless/ath/wil6210/wmi.h
index 71bf2ae27a98..38f64524019e 100644
--- a/drivers/net/wireless/ath/wil6210/wmi.h
+++ b/drivers/net/wireless/ath/wil6210/wmi.h
@@ -474,7 +474,7 @@ struct wmi_start_scan_cmd {
struct {
u8 channel;
u8 reserved;
- } channel_list[];
+ } channel_list[] __counted_by(num_channels);
} __packed;
Thanks
--
Gustavo