public inbox for linux-wireless@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH wireless-next] wifi: mac80211: add __packed to union members of struct ieee80211_rx_status
@ 2026-04-11  7:25 Ping-Ke Shih
  2026-04-14  0:55 ` Ping-Ke Shih
  0 siblings, 1 reply; 3+ messages in thread
From: Ping-Ke Shih @ 2026-04-11  7:25 UTC (permalink / raw)
  To: johannes, linux-wireless

The arm-linux-gnueabi-gcc compiler, align the field followed by union
members, causing size of struct ieee80211_rx_status over skb->cb
(48 bytes). By investigation, the union member starts at offset 32,
and the offset of next field rate_idx is 36 instead of expected 33, and
the total size is (unexpected) 52.

When compiling rtw88 driver, it throws:

In file included from /work/linux-src/linux-stable/include/linux/string.h:386,
                 from /work/linux-src/linux-stable/include/linux/bitmap.h:13,
                 from /work/linux-src/linux-stable/include/linux/cpumask.h:11,
                 from /work/linux-src/linux-stable/include/linux/smp.h:13,
                 from /work/linux-src/linux-stable/include/linux/lockdep.h:14,
                 from /work/linux-src/linux-stable/include/linux/mutex.h:17,
                 from /work/linux-src/linux-stable/include/linux/kernfs.h:11,
                 from /work/linux-src/linux-stable/include/linux/sysfs.h:16,
                 from /work/linux-src/linux-stable/include/linux/kobject.h:20,
                 from /work/linux-src/linux-stable/include/linux/dmi.h:6,
                 from pci.c:5:
In function 'fortify_memcpy_chk',
    inlined from 'rtw_pci_rx_napi.constprop' at pci.c:1095:4:
/work/linux-src/linux-stable/include/linux/fortify-string.h:569:25: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning]
  569 |                         __write_overflow_field(p_size_field, size);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After this patch, the size of struct ieee80211_rx_status is 48.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
---
Because of size assertion of rtw88's efuse map [1], I found
arm-linux-gnueabi-gcc compiler throws this warning, but x86 gcc is absolutely
silent and expected without this patch.

[1] https://lore.kernel.org/linux-wireless/7c65e315-5a2e-455e-87ee-8fc6d60ed807@gmail.com/T/#m43fdf8a1c2b8cff92c1ef50faab7993522647162
---
 include/net/mac80211.h | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 40cb20d9309c..02318a4be0e1 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -1747,18 +1747,18 @@ struct ieee80211_rx_status {
 			u8 he_ru:3;
 			u8 he_gi:2;
 			u8 he_dcm:1;
-		};
+		} __packed;
 		struct {
 			u8 ru:4;
 			u8 gi:2;
-		} eht;
+		} __packed eht;
 		struct {
 			u8 ru:4;
 			u8 gi:2;
 			u8 elr:1;
 			u8 im:1;
-		} uhr;
-	};
+		} __packed uhr;
+	} __packed;
 	u8 rate_idx;
 	u8 nss;
 	u8 rx_flags;
@@ -1771,6 +1771,8 @@ struct ieee80211_rx_status {
 	u8 link_valid:1, link_id:4;
 };
 
+static_assert(sizeof(struct ieee80211_rx_status) <= sizeof_field(struct sk_buff, cb));
+
 static inline u32
 ieee80211_rx_status_to_khz(struct ieee80211_rx_status *rx_status)
 {
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-04-16 11:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-11  7:25 [PATCH wireless-next] wifi: mac80211: add __packed to union members of struct ieee80211_rx_status Ping-Ke Shih
2026-04-14  0:55 ` Ping-Ke Shih
2026-04-16 11:53   ` Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox