ClangBuiltLinux
diff --git a/‎patches/mainline/series‎
Lines changed: 0 additions & 1 deletion b/‎patches/mainline/series‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎patches/mainline/v2_20250425_kees_wifi_iwlwifi_mld_work_around_clang_loop_unrolling_bug.patch‎
Lines changed: 0 additions & 93 deletions b/‎patches/mainline/v2_20250425_kees_wifi_iwlwifi_mld_work_around_clang_loop_unrolling_bug.patch‎
Lines changed: 0 additions & 93 deletions
diff --git a/‎patches/stable/368556dd234dc4a506a35a0c99c0eee2ab475c77.patch‎
Lines changed: 54 additions & 0 deletions b/‎patches/stable/368556dd234dc4a506a35a0c99c0eee2ab475c77.patch‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎patches/stable/series‎
Lines changed: 1 addition & 1 deletion b/‎patches/stable/series‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎patches/stable/v2_20250425_kees_wifi_iwlwifi_mld_work_around_clang_loop_unrolling_bug.patch‎
Lines changed: 0 additions & 93 deletions b/‎patches/stable/v2_20250425_kees_wifi_iwlwifi_mld_work_around_clang_loop_unrolling_bug.patch‎
Lines changed: 0 additions & 93 deletions
@@ -0,0 +1,54 @@
+From 368556dd234dc4a506a35a0c99c0eee2ab475c77 Mon Sep 17 00:00:00 2001
+From: Kees Cook <[email protected]>
+Date: Mon, 21 Apr 2025 13:41:57 -0700
+Subject: wifi: iwlwifi: mld: Work around Clang loop unrolling bug
+
+The nested loop in iwl_mld_send_proto_offload() confuses Clang into
+thinking there could be a final loop iteration past the end of the
+"nsc" array (which is only 4 entries). The FORTIFY checking in memcmp()
+(via ipv6_addr_cmp()) notices this (due to the available bytes in the
+out-of-bounds position of &nsc[4] being 0), and errors out, failing
+the build. For some reason (likely due to architectural loop unrolling
+configurations), this is only exposed on ARM builds currently. Due to
+Clang's lack of inline tracking[1], the warning is not very helpful:
+
+include/linux/fortify-string.h:719:4: error: call to '__read_overflow' declared with 'error' attribute: detected read beyond size of object (1st parameter)
+  719 |                         __read_overflow();
+      |                         ^
+1 error generated.
+
+But this was tracked down to iwl_mld_send_proto_offload()'s
+ipv6_addr_cmp() call.
+
+An upstream Clang bug has been filed[2] to track this. For now fix the
+build by explicitly bounding the inner loop by "n_nsc", which is what
+"c" is already limited to.
+
+Reported-by: Nathan Chancellor <[email protected]>
+Closes: https://github.com/ClangBuiltLinux/linux/issues/2076
+Link: https://github.com/llvm/llvm-project/pull/73552 [1]
+Link: https://github.com/llvm/llvm-project/issues/136603 [2]
+Link: https://lore.kernel.org/r/[email protected]
+Signed-off-by: Kees Cook <[email protected]>
+---
+Link: https://git.kernel.org/linus/368556dd234dc4a506a35a0c99c0eee2ab475c77
+---
+ drivers/net/wireless/intel/iwlwifi/mld/d3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/intel/iwlwifi/mld/d3.c b/drivers/net/wireless/intel/iwlwifi/mld/d3.c
+index ee99298eebf595..7ce01ad3608e18 100644
+--- a/drivers/net/wireless/intel/iwlwifi/mld/d3.c
++++ b/drivers/net/wireless/intel/iwlwifi/mld/d3.c
+@@ -1757,7 +1757,7 @@ iwl_mld_send_proto_offload(struct iwl_mld *mld,
+ 
+ 		addrconf_addr_solict_mult(&wowlan_data->target_ipv6_addrs[i],
+ 					  &solicited_addr);
+-		for (j = 0; j < c; j++)
++		for (j = 0; j < n_nsc && j < c; j++)
+ 			if (ipv6_addr_cmp(&nsc[j].dest_ipv6_addr,
+ 					  &solicited_addr) == 0)
+ 				break;
+-- 
+cgit 1.2.3-korg
+
@@ -1,2 +1,2 @@
+368556dd234dc4a506a35a0c99c0eee2ab475c77.patch
 d8720235d5b5cad86c1f07f65117ef2a96f8bec7.patch
-v2_20250425_kees_wifi_iwlwifi_mld_work_around_clang_loop_unrolling_bug.patch
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
	`1`	`+368556dd234dc4a506a35a0c99c0eee2ab475c77.patch`
`1`	`2`	`d8720235d5b5cad86c1f07f65117ef2a96f8bec7.patch`
`2`		`-v2_20250425_kees_wifi_iwlwifi_mld_work_around_clang_loop_unrolling_bug.patch`