From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Ping-Ke Shih <pkshih@realtek.com>,
Zong-Zhe Yang <kevin_yang@realtek.com>,
Johannes Berg <johannes.berg@intel.com>,
Sasha Levin <sashal@kernel.org>,
johannes@sipsolutions.net, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 6.6 04/31] wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
Date: Tue, 7 Nov 2023 07:05:51 -0500 [thread overview]
Message-ID: <20231107120704.3756327-4-sashal@kernel.org> (raw)
In-Reply-To: <20231107120704.3756327-1-sashal@kernel.org>
From: Ping-Ke Shih <pkshih@realtek.com>
[ Upstream commit e160ab85166e77347d0cbe5149045cb25e83937f ]
We can get a UBSAN warning if ieee80211_get_tx_power() returns the
INT_MIN value mac80211 internally uses for "unset power level".
UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5
-2147483648 * 100 cannot be represented in type 'int'
CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE
Call Trace:
dump_stack+0x74/0x92
ubsan_epilogue+0x9/0x50
handle_overflow+0x8d/0xd0
__ubsan_handle_mul_overflow+0xe/0x10
nl80211_send_iface+0x688/0x6b0 [cfg80211]
[...]
cfg80211_register_wdev+0x78/0xb0 [cfg80211]
cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]
[...]
ieee80211_if_add+0x60e/0x8f0 [mac80211]
ieee80211_register_hw+0xda5/0x1170 [mac80211]
In this case, simply return an error instead, to indicate
that no data is available.
Cc: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://lore.kernel.org/r/20230203023636.4418-1-pkshih@realtek.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/cfg.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 0e3a1753a51c6..715da615f0359 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -3121,6 +3121,10 @@ static int ieee80211_get_tx_power(struct wiphy *wiphy,
else
*dbm = sdata->vif.bss_conf.txpower;
+ /* INT_MIN indicates no power level was set yet */
+ if (*dbm == INT_MIN)
+ return -EINVAL;
+
return 0;
}
--
2.42.0
next prev parent reply other threads:[~2023-11-07 12:07 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-07 12:05 [PATCH AUTOSEL 6.6 01/31] wifi: plfxlc: fix clang-specific fortify warning Sasha Levin
2023-11-07 12:05 ` [PATCH AUTOSEL 6.6 02/31] wifi: ath12k: Ignore fragments from uninitialized peer in dp Sasha Levin
2023-11-07 12:05 ` [PATCH AUTOSEL 6.6 03/31] wifi: mac80211_hwsim: fix clang-specific fortify warning Sasha Levin
2023-11-07 12:05 ` Sasha Levin [this message]
2023-11-07 12:05 ` [PATCH AUTOSEL 6.6 07/31] wifi: ath9k: fix clang-specific fortify warnings Sasha Levin
2023-11-07 12:05 ` [PATCH AUTOSEL 6.6 08/31] wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() Sasha Levin
2023-11-07 12:05 ` [PATCH AUTOSEL 6.6 09/31] wifi: ath10k: fix clang-specific fortify warning Sasha Levin
2023-11-07 12:05 ` [PATCH AUTOSEL 6.6 10/31] wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() Sasha Levin
2023-11-07 12:06 ` [PATCH AUTOSEL 6.6 13/31] wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023) Sasha Levin
2023-11-07 12:06 ` [PATCH AUTOSEL 6.6 14/31] wifi: mt76: fix clang-specific fortify warnings Sasha Levin
2023-11-07 12:06 ` [PATCH AUTOSEL 6.6 15/31] wifi: mt76: get rid of false alamrs of tx emission issues Sasha Levin
2023-11-07 12:06 ` [PATCH AUTOSEL 6.6 18/31] wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register() Sasha Levin
2023-11-07 12:06 ` [PATCH AUTOSEL 6.6 19/31] wifi: ath10k: Don't touch the CE interrupt registers after power up Sasha Levin
2023-11-07 12:06 ` [PATCH AUTOSEL 6.6 23/31] wifi: iwlwifi: mvm: fix size check for fw_link_id Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231107120704.3756327-4-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=johannes.berg@intel.com \
--cc=johannes@sipsolutions.net \
--cc=kevin_yang@realtek.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pkshih@realtek.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).