public inbox for linux-wireless@vger.kernel.org
* [PATCH ath-next] wifi: ath12k: initialize RSSI dBm conversion event state
@ 2026-04-27 10:30 Rameshkumar Sundaram
  2026-04-28  2:54 ` Baochen Qiang
  2026-05-04 14:21 ` Jeff Johnson
  0 siblings, 2 replies; 3+ messages in thread
From: Rameshkumar Sundaram @ 2026-04-27 10:30 UTC (permalink / raw)
  To: ath12k; +Cc: linux-wireless, Rameshkumar Sundaram

Currently, the RSSI dBm conversion event handler leaves struct
ath12k_wmi_rssi_dbm_conv_info_arg uninitialized on the stack before
calling the TLV parser. If one of the optional sub-TLVs is absent, the
corresponding *_present flag retains stack garbage and later gets read
in ath12k_wmi_update_rssi_offsets(). With UBSAN enabled this triggers an
invalid-load report for _Bool:

UBSAN: invalid-load in drivers/net/wireless/ath/ath12k/wmi.c:9682:15
load of value 9 is not a valid value for type '_Bool'
Call Trace:
 ath12k_wmi_rssi_dbm_conversion_params_info_event.cold+0x72/0x85 [ath12k]
 ath12k_wmi_op_rx+0x1871/0x2ab0 [ath12k]
 ath12k_htc_rx_completion_handler+0x44b/0x810 [ath12k]
 ath12k_ce_recv_process_cb+0x554/0x9f0 [ath12k]
 ath12k_ce_per_engine_service+0xbe/0xf0 [ath12k]
 ath12k_pci_ce_workqueue+0x69/0x120 [ath12k]

Initialize the parsed event state to zero before passing it to the TLV
parser so missing sub-TLVs correctly leave the presence flags false.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1

Fixes: 0314ee81a91d ("wifi: ath12k: handle WMI event for real noise floor calculation")
Signed-off-by: Rameshkumar Sundaram <rameshkumar.sundaram@oss.qualcomm.com>
---
 drivers/net/wireless/ath/ath12k/wmi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
index 484fdd3b1b7f..1e2e1fddd081 100644
--- a/drivers/net/wireless/ath/ath12k/wmi.c
+++ b/drivers/net/wireless/ath/ath12k/wmi.c
@@ -9689,7 +9689,7 @@ static void
 ath12k_wmi_rssi_dbm_conversion_params_info_event(struct ath12k_base *ab,
 						 struct sk_buff *skb)
 {
-	struct ath12k_wmi_rssi_dbm_conv_info_arg rssi_info;
+	struct ath12k_wmi_rssi_dbm_conv_info_arg rssi_info = {};
 	struct ath12k *ar;
 	s32 noise_floor;
 	u32 pdev_id;
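
Review bot: At the `rssi_info = {}` declaration, the reason the initializer is load-bearing is recorded only in the commit message: the TLV parser leaves the *_present flags untouched when an optional sub-TLV is absent. Nothing at the declaration says so, so a later cleanup could drop the `= {}` as redundant and reintroduce the invalid _Bool load. Consider a one-line comment above the declaration stating that missing sub-TLVs must leave the presence flags false, or have the parser callback clear the flags itself so the handler does not depend on how the caller set up its stack variable.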

base-commit: 7aa24d964a04648b547197c22364e2b76aec096e
-- 
2.34.1
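
The failure mode described in the commit message above, reduced to a user-space sketch (an added example, not code from the patch or from ath12k). The tags, `struct conv_info`, `sample_event` and `flags_after_parse()` are hypothetical, and the flags are `unsigned char` rather than `bool` so the stale value can be read back without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tags and layout for illustration; not the ath12k definitions. */
enum { TAG_MIN_NF = 1, TAG_TEMP_OFFSET = 2 };

struct conv_info {
	int32_t min_nf, temp_offset;
	unsigned char nf_present, temp_present; /* bytes, so stale values can be read */
};

/* Constructed event: only the min-NF sub-TLV is present, temp-offset is absent. */
static const uint8_t sample_event[] = { TAG_MIN_NF, 4, 0xa0, 0xff, 0xff, 0xff };

/* Walks [tag][len][value] records and writes only the fields whose tag it sees. */
static int parse_tlvs(const uint8_t *buf, size_t len, struct conv_info *out)
{
	size_t off = 0;

	while (off < len) {
		if (len - off < 2 || buf[off + 1] > len - off - 2)
			return -1; /* truncated header or value */
		if (buf[off] == TAG_MIN_NF && buf[off + 1] == 4) {
			memcpy(&out->min_nf, buf + off + 2, 4);
			out->nf_present = 1;
		} else if (buf[off] == TAG_TEMP_OFFSET && buf[off + 1] == 4) {
			memcpy(&out->temp_offset, buf + off + 2, 4);
			out->temp_present = 1;
		}
		off += 2u + buf[off + 1];
	}
	return 0;
}

/* fill models the caller's stack slot: 0x09 = stale bytes, 0x00 = "= {}".
 * Returns (nf_present << 8) | temp_present, or -1 on a malformed buffer. */
static int flags_after_parse(unsigned char fill, const uint8_t *buf, size_t len)
{
	struct conv_info info;

	memset(&info, fill, sizeof(info));
	if (parse_tlvs(buf, len, &info))
		return -1;
	return (info.nf_present << 8) | info.temp_present;
}

int main(void)
{
	printf("stale: 0x%04x\n", flags_after_parse(0x09, sample_event, sizeof(sample_event)));
	printf("zeroed: 0x%04x\n", flags_after_parse(0x00, sample_event, sizeof(sample_event)));
	return 0;
}
```

With the stale fill, the absent sub-TLV's flag comes back as 9, the same kind of value UBSAN rejected for `_Bool`; with the zero fill it is 0.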



* Re: [PATCH ath-next] wifi: ath12k: initialize RSSI dBm conversion event state
  2026-04-27 10:30 [PATCH ath-next] wifi: ath12k: initialize RSSI dBm conversion event state Rameshkumar Sundaram
@ 2026-04-28  2:54 ` Baochen Qiang
  2026-05-04 14:21 ` Jeff Johnson
  1 sibling, 0 replies; 3+ messages in thread
From: Baochen Qiang @ 2026-04-28  2:54 UTC (permalink / raw)
  To: Rameshkumar Sundaram, ath12k; +Cc: linux-wireless



On 4/27/2026 6:30 PM, Rameshkumar Sundaram wrote:
> Currently, the RSSI dBm conversion event handler leaves struct
> ath12k_wmi_rssi_dbm_conv_info_arg uninitialized on the stack before
> calling the TLV parser. If one of the optional sub-TLVs is absent, the
> corresponding *_present flag retains stack garbage and later gets read
> in ath12k_wmi_update_rssi_offsets(). With UBSAN enabled this triggers an
> invalid-load report for _Bool:
> 
> UBSAN: invalid-load in drivers/net/wireless/ath/ath12k/wmi.c:9682:15
> load of value 9 is not a valid value for type '_Bool'
> Call Trace:
>  ath12k_wmi_rssi_dbm_conversion_params_info_event.cold+0x72/0x85 [ath12k]
>  ath12k_wmi_op_rx+0x1871/0x2ab0 [ath12k]
>  ath12k_htc_rx_completion_handler+0x44b/0x810 [ath12k]
>  ath12k_ce_recv_process_cb+0x554/0x9f0 [ath12k]
>  ath12k_ce_per_engine_service+0xbe/0xf0 [ath12k]
>  ath12k_pci_ce_workqueue+0x69/0x120 [ath12k]
> 
> Initialize the parsed event state to zero before passing it to the TLV
> parser so missing sub-TLVs correctly leave the presence flags false.
> 
> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
> 
> Fixes: 0314ee81a91d ("wifi: ath12k: handle WMI event for real noise floor calculation")
> Signed-off-by: Rameshkumar Sundaram <rameshkumar.sundaram@oss.qualcomm.com>

Reviewed-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>



* Re: [PATCH ath-next] wifi: ath12k: initialize RSSI dBm conversion event state
  2026-04-27 10:30 [PATCH ath-next] wifi: ath12k: initialize RSSI dBm conversion event state Rameshkumar Sundaram
  2026-04-28  2:54 ` Baochen Qiang
@ 2026-05-04 14:21 ` Jeff Johnson
  1 sibling, 0 replies; 3+ messages in thread
From: Jeff Johnson @ 2026-05-04 14:21 UTC (permalink / raw)
  To: ath12k, Rameshkumar Sundaram; +Cc: linux-wireless


On Mon, 27 Apr 2026 16:00:11 +0530, Rameshkumar Sundaram wrote:
> Currently, the RSSI dBm conversion event handler leaves struct
> ath12k_wmi_rssi_dbm_conv_info_arg uninitialized on the stack before
> calling the TLV parser. If one of the optional sub-TLVs is absent, the
> corresponding *_present flag retains stack garbage and later gets read
> in ath12k_wmi_update_rssi_offsets(). With UBSAN enabled this triggers an
> invalid-load report for _Bool:
> 
> [...]

Applied, thanks!

[1/1] wifi: ath12k: initialize RSSI dBm conversion event state
      commit: 81594a12d5cecb3ab35b603a00037c7c3ee87ab2

Best regards,
-- 
Jeff Johnson <jeff.johnson@oss.qualcomm.com>

