wifi: libertas: use variable-size data in assoc req/resp cmd
authorJohannes Berg <johannes.berg@intel.com>
Mon, 23 May 2022 16:02:01 +0000 (18:02 +0200)
committerKalle Valo <kvalo@kernel.org>
Mon, 30 May 2022 09:13:25 +0000 (12:13 +0300)
The firmware has a 512 limit here, but we use less, so gcc
starts complaining about it:

drivers/net/wireless/marvell/libertas/cfg.c:1198:63: warning: array subscript ‘struct cmd_ds_802_11_associate_response[0]’ is partly outside array bounds of ‘unsigned char[203]’ [-Warray-bounds]
 1198 |                       "aid 0x%04x\n", status, le16_to_cpu(resp->statuscode),
      |                                                               ^~

Since we size the command and response buffer per our needs
and not per the firmware maximum, change to a variable size
data array and put the 512 only into a comment.

In the end, that's actually what the code always wanted, and
it simplifies the code that used to subtract the fixed size
buffer size in two places.

Reported-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Kalle Valo <kvalo@kernel.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220523180200.115fa27fbece.Ie66d874b047e7afad63900aa2df70f031711147e@changeid
drivers/net/wireless/marvell/libertas/cfg.c
drivers/net/wireless/marvell/libertas/host.h

index 4e3de684928bf90aaab8eefedd028bf9b209d32c..b0b3f59dabc6fd4c9563bc83f6a440e4e098b90f 100644 (file)
@@ -1053,7 +1053,6 @@ static int lbs_set_authtype(struct lbs_private *priv,
  */
 #define LBS_ASSOC_MAX_CMD_SIZE                     \
        (sizeof(struct cmd_ds_802_11_associate)    \
-        - 512 /* cmd_ds_802_11_associate.iebuf */ \
         + LBS_MAX_SSID_TLV_SIZE                   \
         + LBS_MAX_CHANNEL_TLV_SIZE                \
         + LBS_MAX_CF_PARAM_TLV_SIZE               \
@@ -1130,8 +1129,7 @@ static int lbs_associate(struct lbs_private *priv,
        if (sme->ie && sme->ie_len)
                pos += lbs_add_wpa_tlv(pos, sme->ie, sme->ie_len);
 
-       len = (sizeof(*cmd) - sizeof(cmd->iebuf)) +
-               (u16)(pos - (u8 *) &cmd->iebuf);
+       len = sizeof(*cmd) + (u16)(pos - (u8 *) &cmd->iebuf);
        cmd->hdr.size = cpu_to_le16(len);
 
        lbs_deb_hex(LBS_DEB_ASSOC, "ASSOC_CMD", (u8 *) cmd,
index ceff4b92e7a10fdd7e301719c7c99f13b432a5a6..a202b716ad5dabca0a13781efad19a09a7037511 100644 (file)
@@ -528,7 +528,8 @@ struct cmd_ds_802_11_associate {
        __le16 listeninterval;
        __le16 bcnperiod;
        u8 dtimperiod;
-       u8 iebuf[512];    /* Enough for required and most optional IEs */
+       /* 512 permitted - enough for required and most optional IEs */
+       u8 iebuf[];
 } __packed;
 
 struct cmd_ds_802_11_associate_response {
@@ -537,7 +538,8 @@ struct cmd_ds_802_11_associate_response {
        __le16 capability;
        __le16 statuscode;
        __le16 aid;
-       u8 iebuf[512];
+       /* max 512 */
+       u8 iebuf[];
 } __packed;
 
 struct cmd_ds_802_11_set_wep {