From nobody Thu Jun 11 06:59:04 2026 Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 662F53644CF for ; Tue, 28 Apr 2026 20:50:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777409436; cv=none; b=D3imXhcBj9ycGeO1CkoLfzX46ekJ6OARQIqE3ZDrOL26B8BPTkCG7v0USDgYyRYENRK7dEyohb7tSsZ+pvrM7XImJ9mzx5ApP4ZgeX07Iywmhro/KJFF2FZyLuT2jwZ8zm4Jq7bRXwNzmo/UvimZXQhvY0iTS5Z7MC0ZJDgOjvM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777409436; c=relaxed/simple; bh=96eFmX7Hw7uaVXtRcZ0NGiKwvwPVVaFtiROart6yDJY=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=pWWssFG1kblWmptayw//z3yBgaal2jLbeB7mAC+bLggXqVY3ZL2OFiOtXnfaVQ5Lq83YgEg3mRwy1B6k9HUw9+JuNvVE17sbVKKzdP71Poo3Tw4QNpHwMChDHEPBw6CRdsZu9qVrk391LoBrIR/P57AyUYDw0tSAZRMuO0DSxns= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=osE5EJhf; arc=none smtp.client-ip=209.85.210.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="osE5EJhf" Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-8296d553142so6722329b3a.3 for ; Tue, 28 Apr 2026 13:50:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777409435; x=1778014235; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=8NzPUuQXwNwzOXO6cxunjkL9bjxxgNti1T1DyCWU3h0=; b=osE5EJhfAVhySA+zQ+NnsH21dS/78NLTjQECUwtE1Drj2T2IuP9P2vzsBMKQUrg+G9 H/jOQQnZbcRQ81edbqUyBD87T6wyAYIpW1ylCzHGU/i2W/w1uRrM68UfJ+Sqj57dV9bu PrUOmEnJSN0KU5qesVlaBCDUmadQLxH2+r4Q+WyQcMHWoNW+9c55c5CyBo7tx/8OEFy0 iGpJlBOzfQa6JzciV1yY1TNv2McsbrerhzTWSxFM01z7qZFaGtMOG9DdLZyG7D0ILWnH qHjFeUwB/YEZKOBb14dXx/cCTrIftqccS7Lp1w9znh14x6kWfDmpvlyhnga+iGbcVuCQ rcgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777409435; x=1778014235; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=8NzPUuQXwNwzOXO6cxunjkL9bjxxgNti1T1DyCWU3h0=; b=obEkmg2TnCBLod/NxBFBJi+s0jfYhXGsG4i/aFsD6RF216+YeIknbk/kOtaq4kgDGy 54Bs0ak9/vzl2avSalALvXunJIf1rGUHheiKP7bMHUpVTJULeqhjZa+E8Qh6KLyPxSp/ PHmd19ym+YupN18hpoDbyJLJTcqOhPvfMwJ+EFVs0esxYKgCxnOZ9oqMlK69N/QQSXpf Xwpz9SYR63QtNolAoNl8Rnn77WciR53n7uMpacpqtBCesQgSjPKqHJzK9pKnl4Brib32 d2TVXjMdoqScWcS2koPeLPWE16ONNbKC6yVL8poCMtE3F3Etp7zsE1CiK7eX2aycESfV mgTA== X-Forwarded-Encrypted: i=1; AFNElJ/zDupojPXQJ8YiLuNpj3WhWbdK1KYElwiFEA7dtWoQfyowJLc/c7JjyKM55B3/3wmPVW8pKKHpc/lNe5E=@vger.kernel.org X-Gm-Message-State: AOJu0YyfoMXyiiRBm+A+tSI7O1jQCdz2YRGVtdMZNZ7R5yPl3Qa8azUi GrJJwYi0pdx8SBSX8yd8THRNjuXcaiHMvg2iJfh06FeVUytp4NWPJ2Dl X-Gm-Gg: AeBDieu6aBE4peubT4XicJDeTlmKUCO9j/7vSbwXQH0dvPQqM5reHYsOC974MtMtNhz ImQ/Xa7goj/KylqjksRZwendIjHE6Yw17g5ZiY9ckOK9mU/7GEPjTsmmvwR8Wn9Awk6u0OBjjd/ vHAQpF92/GnzO1Nya/lbIYLhJmUZkCTtFIONSqUUYx0MHkcZUzokYr/CKvi6ZrILEE3gLZ8KxdD fZrsLyoETHatvGTy/fjJDCYWPPDQ2QDTEwutqed16utHUWUy92/d+B6vfKK2Hyp/FbY22MKkH0o CHYJDJg0iJJtzycw2OXQioBlQXx2h6JYK3S0O+naz/qHBRgNQQXPkdminNxz+gr7+5nWWtSWRQC 6Rlcin1rE7t0AW7d6NK6iSzWnM6GEbqdrffIeFej7R2i9eFUM3wUNEI0YbQsiaZ9xyxyvEHWHoD 1cz49OnmBEAFdy50AxcFQ16vp1X+4DsHNafs9R8ETj69uZ+k5Fr2cWsxBBlyO1KhXLtOyBEN6t0 CeVnRzpdKMkPe1XSSRkyyWqTA== X-Received: by 2002:a05:6a00:950d:b0:81f:ac81:d597 with SMTP id d2e1a72fcca58-834ea2200cdmr812642b3a.0.1777409434826; Tue, 28 Apr 2026 13:50:34 -0700 (PDT) Received: from ryzen ([2601:644:8000:5b5d::8bd]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-834dae1fd8esm3301581b3a.13.2026.04.28.13.50.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Apr 2026 13:50:34 -0700 (PDT) From: Rosen Penev To: linux-wireless@vger.kernel.org Cc: Jeff Johnson , Kees Cook , "Gustavo A. R. Silva" , ath11k@lists.infradead.org (open list:QUALCOMM ATHEROS ATH11K WIRELESS DRIVER), linux-kernel@vger.kernel.org (open list), linux-hardening@vger.kernel.org (open list:KERNEL HARDENING (not covered by other areas):Keyword:\b__counted_by(_le|_be)?\b) Subject: [PATCHv3 ath-next] wifi: ath11k: use kzalloc_flex Date: Tue, 28 Apr 2026 13:50:17 -0700 Message-ID: <20260428205017.26288-1-rosenp@gmail.com> X-Mailer: git-send-email 2.54.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Convert kzalloc_obj + kcalloc to kzalloc_flex to save an allocation. Add __counted_by to get extra runtime analysis. Move counting variable assignment immediately after allocation before any potential accesses. kzalloc_flex does this anyway for GCC >=3D 15. Signed-off-by: Rosen Penev Reviewed-by: Baochen Qiang Reviewed-by: Rameshkumar Sundaram --- v3: remove one more kfree for chan_list. v2: reword counting variable comment. drivers/net/wireless/ath/ath11k/mac.c | 72 ++++++++++----------------- drivers/net/wireless/ath/ath11k/wmi.h | 2 +- 2 files changed, 28 insertions(+), 46 deletions(-) diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/a= th/ath11k/mac.c index 4a68bb9ca4fa..8d9e1e33e47d 100644 --- a/drivers/net/wireless/ath/ath11k/mac.c +++ b/drivers/net/wireless/ath/ath11k/mac.c @@ -4228,13 +4228,14 @@ static int ath11k_mac_op_hw_scan(struct ieee80211_h= w *hw, if (ret) goto exit; =20 - arg =3D kzalloc_obj(*arg); + arg =3D kzalloc_flex(*arg, chan_list, req->n_channels); =20 if (!arg) { ret =3D -ENOMEM; goto exit; } =20 + arg->num_chan =3D req->n_channels; ath11k_wmi_start_scan_init(ar, arg); arg->vdev_id =3D arvif->vdev_id; arg->scan_id =3D ATH11K_SCAN_ID; @@ -4262,38 +4263,27 @@ static int ath11k_mac_op_hw_scan(struct ieee80211_h= w *hw, arg->scan_f_passive =3D 1; } =20 - if (req->n_channels) { - arg->num_chan =3D req->n_channels; - arg->chan_list =3D kcalloc(arg->num_chan, sizeof(*arg->chan_list), - GFP_KERNEL); + for (i =3D 0; i < arg->num_chan; i++) { + if (test_bit(WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL, + ar->ab->wmi_ab.svc_map)) { + arg->chan_list[i] =3D + u32_encode_bits(req->channels[i]->center_freq, + WMI_SCAN_CONFIG_PER_CHANNEL_MASK); =20 - if (!arg->chan_list) { - ret =3D -ENOMEM; - goto exit; - } - - for (i =3D 0; i < arg->num_chan; i++) { - if (test_bit(WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL, - ar->ab->wmi_ab.svc_map)) { - arg->chan_list[i] =3D - u32_encode_bits(req->channels[i]->center_freq, - WMI_SCAN_CONFIG_PER_CHANNEL_MASK); - - /* If NL80211_SCAN_FLAG_COLOCATED_6GHZ is set in scan - * flags, then scan all PSC channels in 6 GHz band and - * those non-PSC channels where RNR IE is found during - * the legacy 2.4/5 GHz scan. - * If NL80211_SCAN_FLAG_COLOCATED_6GHZ is not set, - * then all channels in 6 GHz will be scanned. - */ - if (req->channels[i]->band =3D=3D NL80211_BAND_6GHZ && - req->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ && - !cfg80211_channel_is_psc(req->channels[i])) - arg->chan_list[i] |=3D - WMI_SCAN_CH_FLAG_SCAN_ONLY_IF_RNR_FOUND; - } else { - arg->chan_list[i] =3D req->channels[i]->center_freq; - } + /* If NL80211_SCAN_FLAG_COLOCATED_6GHZ is set in scan + * flags, then scan all PSC channels in 6 GHz band and + * those non-PSC channels where RNR IE is found during + * the legacy 2.4/5 GHz scan. + * If NL80211_SCAN_FLAG_COLOCATED_6GHZ is not set, + * then all channels in 6 GHz will be scanned. + */ + if (req->channels[i]->band =3D=3D NL80211_BAND_6GHZ && + req->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ && + !cfg80211_channel_is_psc(req->channels[i])) + arg->chan_list[i] |=3D + WMI_SCAN_CH_FLAG_SCAN_ONLY_IF_RNR_FOUND; + } else { + arg->chan_list[i] =3D req->channels[i]->center_freq; } } =20 @@ -4336,7 +4326,6 @@ static int ath11k_mac_op_hw_scan(struct ieee80211_hw = *hw, =20 exit: if (arg) { - kfree(arg->chan_list); kfree(arg->extraie.ptr); kfree(arg); } @@ -9736,19 +9725,14 @@ static int ath11k_mac_op_remain_on_channel(struct i= eee80211_hw *hw, =20 scan_time_msec =3D ar->hw->wiphy->max_remain_on_channel_duration * 2; =20 - arg =3D kzalloc_obj(*arg); + arg =3D kzalloc_flex(*arg, chan_list, 1); if (!arg) { ret =3D -ENOMEM; goto exit; } - ath11k_wmi_start_scan_init(ar, arg); + arg->num_chan =3D 1; - arg->chan_list =3D kcalloc(arg->num_chan, sizeof(*arg->chan_list), - GFP_KERNEL); - if (!arg->chan_list) { - ret =3D -ENOMEM; - goto free_arg; - } + ath11k_wmi_start_scan_init(ar, arg); =20 arg->vdev_id =3D arvif->vdev_id; arg->scan_id =3D ATH11K_SCAN_ID; @@ -9769,7 +9753,7 @@ static int ath11k_mac_op_remain_on_channel(struct iee= e80211_hw *hw, spin_lock_bh(&ar->data_lock); ar->scan.state =3D ATH11K_SCAN_IDLE; spin_unlock_bh(&ar->data_lock); - goto free_chan_list; + goto free_arg; } =20 ret =3D wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ); @@ -9779,7 +9763,7 @@ static int ath11k_mac_op_remain_on_channel(struct iee= e80211_hw *hw, if (ret) ath11k_warn(ar->ab, "failed to stop scan: %d\n", ret); ret =3D -ETIMEDOUT; - goto free_chan_list; + goto free_arg; } =20 ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout, @@ -9787,8 +9771,6 @@ static int ath11k_mac_op_remain_on_channel(struct iee= e80211_hw *hw, =20 ret =3D 0; =20 -free_chan_list: - kfree(arg->chan_list); free_arg: kfree(arg); exit: diff --git a/drivers/net/wireless/ath/ath11k/wmi.h b/drivers/net/wireless/a= th/ath11k/wmi.h index baed501b640b..b2dade0516ac 100644 --- a/drivers/net/wireless/ath/ath11k/wmi.h +++ b/drivers/net/wireless/ath/ath11k/wmi.h @@ -3423,7 +3423,6 @@ struct scan_req_params { u32 num_bssid; u32 num_ssids; u32 n_probes; - u32 *chan_list; u32 notify_scan_events; struct wlan_ssid ssid[WLAN_SCAN_PARAMS_MAX_SSID]; struct wmi_mac_addr bssid_list[WLAN_SCAN_PARAMS_MAX_BSSID]; @@ -3436,6 +3435,7 @@ struct scan_req_params { struct hint_bssid hint_bssid[WLAN_SCAN_MAX_HINT_BSSID]; struct wmi_mac_addr mac_addr; struct wmi_mac_addr mac_mask; + u32 chan_list[] __counted_by(num_chan); }; =20 struct wmi_ssid_arg { --=20 2.54.0