From: Shuah Khan <skhan@linuxfoundation.org>
To: "Matthew Schwartz" <matthew.schwartz@linux.dev>,
"Linus Torvalds" <torvalds@linux-foundation.org>,
"Thomas Weißschuh" <linux@weissschuh.net>,
"Eric Biggers" <ebiggers@kernel.org>,
"Mikhail Gavrilov" <mikhail.v.gavrilov@gmail.com>,
"Mario Limonciello" <superm1@kernel.org>,
"Johannes Berg" <johannes@sipsolutions.net>
Cc: quan.zhou@mediatek.com, Felix Fietkau <nbd@nbd.name>,
lorenzo@kernel.org, ryder.lee@mediatek.com,
linux-wireless@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
linux-mediatek@lists.infradead.org, shuah <shuah@kernel.org>,
Shuah Khan <skhan@linuxfoundation.org>
Subject: Re: Linux 6.19-rc1 mediatek mt7921e broke badly
Date: Tue, 30 Dec 2025 16:57:20 -0700 [thread overview]
Message-ID: <c1304430-dd7d-437b-8744-70af9ca85c0d@linuxfoundation.org> (raw)
In-Reply-To: <6fc04df5-b753-4b2d-b978-0e59a7f48ff7@linux.dev>
On 12/29/25 21:21, Matthew Schwartz wrote:
> On 12/29/25 4:41 PM, Linus Torvalds wrote:
>> On Sat, 27 Dec 2025 at 04:25, Thomas Weißschuh <linux@weissschuh.net> wrote:
>>>
>>> Hi Shuah,
>>>
>>> On 2025-12-27 02:07:24-0700, Shuah Khan wrote:
>>>> mt7921e doesn't load on my primary laptopn on Linux 6.19-rc1 and problem
>>>> still there on 6.19-rc2.
>>>
>>> This should be a duplicate of
>>> https://lore.kernel.org/all/CABXGCsMeAZyNJ-Axt_CUCXgyieWPV3rrcLpWsveMPT8R0YPGnQ@mail.gmail.com/
>>
>> Hmm. I wonder if we could instead do this:
>>
>> --- a/lib/string.c
>> +++ b/lib/string.c
>> @@ -113,7 +113,7 @@ EXPORT_SYMBOL(strncpy);
>> ssize_t sized_strscpy(char *dest, const char *src, size_t count)
>> {
>> const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
>> - size_t max = count;
>> + size_t max = count - 1;
>> long res = 0;
>>
>> if (count == 0 || WARN_ON_ONCE(count > INT_MAX))
>>
>> (intentionally whitespace-damaged patch, because I want people to
>> think about it).
>
> I gave this a try on its own but I was still experiencing a kernel crash:
>
> [ 3.339408] strnlen: detected buffer overflow: 17 byte read of buffer size 16
> [ 3.339804] WARNING: lib/string_helpers.c:1035 at __fortify_report+0x41/0x50, CPU#14: kworker/14:0/105
> [ 3.352248] __fortify_panic+0xd/0xf
> [ 3.352259] mt76_connac2_load_patch.cold+0x2b/0x95a [mt76_connac_lib 8f0d0f7b30f881af23462dac0a8cc5ff88d08cd0]
>
> However, applying a similar diff in the fortify wrapper does prevent the crash:
>
> --- a/include/linux/fortify-string.h
> +++ b/include/linux/fortify-string.h
> @@ -306,13 +306,13 @@ __FORTIFY_INLINE ssize_t sized_strscpy(char * const POS p, const char * const PO
> * This call protects from read overflow, because len will default to q
> * length if it smaller than size.
> */
> - len = strnlen(q, size);
> + len = strnlen(q, size - 1);
> /*
> * If len equals size, we will copy only size bytes which leads to
> * -E2BIG being returned.
> * Otherwise we will copy len + 1 because of the final '\O'.
> */
> - len = len == size ? size : len + 1;
> + len = len == size - 1 ? size : len + 1;
>
> /*
> * Generate a runtime write overflow error if len is greater than
>
> Not sure what the implications of such a change would be relative to the proposed
> fix here: https://lore.kernel.org/all/20251205161202.48409-1-mikhail.v.gavrilov@gmail.com/
+ adding Johannes to this thread also.
Reverting the following fixed my problem.
f804a5895eba ("wifi: mt76: Strip whitespace from build ddate")
The above fixes an extra newline in the dmesg by making the
code more complex it needs to introducing local buffers and
strscpy() - the proposed fix replaces this with memcpy().
Is there a simple way to do this than introducing memcpy()
or strscpy() to remove an extra newline that might or might
not exist? Why not check if newline exists or not using
strstr()?
I would recommend reverting f804a5895eba instead of trying
fix it. Then find a better way to eliminate extra newline that
shows up in dmesg when firmware build date happens to have
a newline.
thanks,
-- Shuah
next prev parent reply other threads:[~2025-12-30 23:57 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-27 9:07 Linux 6.19-rc1 mediatek mt7921e broke badly Shuah Khan
2025-12-27 12:25 ` Thomas Weißschuh
2025-12-30 0:41 ` Linus Torvalds
2025-12-30 4:21 ` Matthew Schwartz
2025-12-30 23:57 ` Shuah Khan [this message]
2025-12-31 1:27 ` Linus Torvalds
2025-12-31 1:57 ` Eric Biggers
2025-12-31 4:00 ` Shuah Khan
2025-12-31 4:07 ` Shuah Khan
2025-12-31 21:08 ` Shuah Khan
2025-12-31 10:36 ` Thomas Weißschuh
2025-12-31 16:21 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c1304430-dd7d-437b-8744-70af9ca85c0d@linuxfoundation.org \
--to=skhan@linuxfoundation.org \
--cc=ebiggers@kernel.org \
--cc=johannes@sipsolutions.net \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linux@weissschuh.net \
--cc=lorenzo@kernel.org \
--cc=matthew.schwartz@linux.dev \
--cc=mikhail.v.gavrilov@gmail.com \
--cc=nbd@nbd.name \
--cc=quan.zhou@mediatek.com \
--cc=ryder.lee@mediatek.com \
--cc=shuah@kernel.org \
--cc=superm1@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).