[PATCH rtw-next] wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal

public inbox for linux-wireless@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH rtw-next] wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap()
@ 2026-03-23 14:05 Alexey Velichayshiy
  2026-03-24  1:17 ` Ping-Ke Shih
  0 siblings, 1 reply; 2+ messages in thread
From: Alexey Velichayshiy @ 2026-03-23 14:05 UTC (permalink / raw)
  To: Ping-Ke Shih
  Cc: Alexey Velichayshiy, Yuan-Han Zhang, Kalle Valo, linux-wireless,
	linux-kernel, lvc-project

In the rtw89_phy_cfo_set_crystal_cap() function, for chips other than
RTL8852A/RTL8851B, the values read by rtw89_mac_read_xtal_si() are
stored into the local variables sc_xi_val and sc_xo_val. If either
read fails, these variables remain uninitialized, they are later
used to update cfo->crystal_cap and in debug print statements. This
can lead to undefined behavior.

Fix the issue by initializing sc_xi_val and sc_xo_val to zero,
like is implemented in vendor driver.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 8379fa611536 ("rtw89: 8852c: add write/read crystal function in CFO tracking")
Signed-off-by: Alexey Velichayshiy <a.velichayshiy@ispras.ru>
---
 drivers/net/wireless/realtek/rtw89/phy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/realtek/rtw89/phy.c b/drivers/net/wireless/realtek/rtw89/phy.c
index ee6ab2136b9a..ee8a36003e5d 100644
--- a/drivers/net/wireless/realtek/rtw89/phy.c
+++ b/drivers/net/wireless/realtek/rtw89/phy.c
@@ -4860,7 +4860,7 @@ static void rtw89_phy_cfo_set_crystal_cap(struct rtw89_dev *rtwdev,
 {
 	struct rtw89_cfo_tracking_info *cfo = &rtwdev->cfo_tracking;
 	const struct rtw89_chip_info *chip = rtwdev->chip;
-	u8 sc_xi_val, sc_xo_val;
+	u8 sc_xi_val = 0, sc_xo_val = 0;
 
 	if (!force && cfo->crystal_cap == crystal_cap)
 		return;
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* RE: [PATCH rtw-next] wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap()
  2026-03-23 14:05 [PATCH rtw-next] wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap() Alexey Velichayshiy
@ 2026-03-24  1:17 ` Ping-Ke Shih
  0 siblings, 0 replies; 2+ messages in thread
From: Ping-Ke Shih @ 2026-03-24  1:17 UTC (permalink / raw)
  To: Alexey Velichayshiy
  Cc: Yuan-Han Zhang, Kalle Valo, linux-wireless@vger.kernel.org,
	linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org

Alexey Velichayshiy <a.velichayshiy@ispras.ru> wrote:
> In the rtw89_phy_cfo_set_crystal_cap() function, for chips other than
> RTL8852A/RTL8851B, the values read by rtw89_mac_read_xtal_si() are
> stored into the local variables sc_xi_val and sc_xo_val. If either
> read fails, these variables remain uninitialized, they are later
> used to update cfo->crystal_cap and in debug print statements. This
> can lead to undefined behavior.
> 
> Fix the issue by initializing sc_xi_val and sc_xo_val to zero,
> like is implemented in vendor driver.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 8379fa611536 ("rtw89: 8852c: add write/read crystal function in CFO
> tracking")
> Signed-off-by: Alexey Velichayshiy <a.velichayshiy@ispras.ru>

Acked-by: Ping-Ke Shih <pkshih@realtek.com>



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-24  1:17 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-23 14:05 [PATCH rtw-next] wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap() Alexey Velichayshiy
2026-03-24  1:17 ` Ping-Ke Shih

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox