Linux wireless drivers development
 help / color / mirror / Atom feed
From: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
To: Alexander Wilhelm <alexander.wilhelm@westermo.com>,
	Jeff Johnson <jjohnson@kernel.org>
Cc: linux-wireless@vger.kernel.org, ath12k@lists.infradead.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] wifi: ath12k: fix scan command endianness on big endian
Date: Fri, 3 Jul 2026 16:18:32 +0800	[thread overview]
Message-ID: <afbff608-a005-43c4-af76-968a58bf0cc3@oss.qualcomm.com> (raw)
In-Reply-To: <20260703-fix-channel-list-copy-v2-1-372c39306d79@westermo.com>



On 7/3/2026 3:35 PM, Alexander Wilhelm wrote:
> ath12k_wmi_scan_req_arg stores scan parameters in CPU-native byte order,
> while ath12k_wmi_send_scan_start_cmd() writes them into a WMI command
> buffer whose contents must be in little-endian format. The existing code
> copies the channel list and writes s_ssid and hint_bssid related values to
> the command buffer without endian conversion. As a result, scan requests
> contain invalid parameters on big-endian systems and fail.
> 
> Convert the channel list as well as the s_ssid and hint_bssid related
> values to little-endian before writing them to the WMI command buffer. This
> preserves the existing behaviour on little-endian systems while fixing scan
> requests on big-endian architectures.
> 
> Signed-off-by: Alexander Wilhelm <alexander.wilhelm@westermo.com>
> ---
> Changes in v2:
> - Rebase on latest ath/master
> - Use additional __le32 conversion for s_ssid and hint_bssid related values
> - Reword commit message and description
> - Link to v1: https://lore.kernel.org/r/20260629-fix-channel-list-copy-v1-1-5ab826c46d7c@westermo.com
> ---
>  drivers/net/wireless/ath/ath12k/wmi.c | 20 ++++++++++++--------
>  drivers/net/wireless/ath/ath12k/wmi.h | 10 ++++++++++
>  2 files changed, 22 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
> index ad739bffcf88..4dab6eee80a1 100644
> --- a/drivers/net/wireless/ath/ath12k/wmi.c
> +++ b/drivers/net/wireless/ath/ath12k/wmi.c
> @@ -2637,9 +2637,10 @@ int ath12k_wmi_send_scan_start_cmd(struct ath12k *ar,
>  	struct wmi_tlv *tlv;
>  	void *ptr;
>  	int i, ret, len;
> -	u32 *tmp_ptr, extraie_len_with_pad = 0;
> -	struct ath12k_wmi_hint_short_ssid_arg *s_ssid = NULL;
> -	struct ath12k_wmi_hint_bssid_arg *hint_bssid = NULL;
> +	__le32 *tmp_ptr;
> +	u32 extraie_len_with_pad = 0;
> +	struct ath12k_wmi_hint_short_ssid_params *s_ssid = NULL;
> +	struct ath12k_wmi_hint_bssid_params *hint_bssid = NULL;
>  
>  	len = sizeof(*cmd);
>  
> @@ -2722,9 +2723,10 @@ int ath12k_wmi_send_scan_start_cmd(struct ath12k *ar,
>  	tlv = ptr;
>  	tlv->header = ath12k_wmi_tlv_hdr(WMI_TAG_ARRAY_UINT32, len);
>  	ptr += TLV_HDR_SIZE;
> -	tmp_ptr = (u32 *)ptr;
> +	tmp_ptr = (__le32 *)ptr;
>  
> -	memcpy(tmp_ptr, arg->chan_list, arg->num_chan * 4);
> +	for (i = 0; i < arg->num_chan; i++)
> +		tmp_ptr[i] = cpu_to_le32(arg->chan_list[i]);
>  
>  	ptr += len;
>  
> @@ -2780,8 +2782,10 @@ int ath12k_wmi_send_scan_start_cmd(struct ath12k *ar,
>  		ptr += TLV_HDR_SIZE;
>  		s_ssid = ptr;
>  		for (i = 0; i < arg->num_hint_s_ssid; ++i) {
> -			s_ssid->freq_flags = arg->hint_s_ssid[i].freq_flags;
> -			s_ssid->short_ssid = arg->hint_s_ssid[i].short_ssid;
> +			s_ssid->freq_flags =
> +				cpu_to_le32(arg->hint_s_ssid[i].freq_flags);
> +			s_ssid->short_ssid =
> +				cpu_to_le32(arg->hint_s_ssid[i].short_ssid);
>  			s_ssid++;
>  		}
>  		ptr += len;
> @@ -2795,7 +2799,7 @@ int ath12k_wmi_send_scan_start_cmd(struct ath12k *ar,
>  		hint_bssid = ptr;
>  		for (i = 0; i < arg->num_hint_bssid; ++i) {
>  			hint_bssid->freq_flags =
> -				arg->hint_bssid[i].freq_flags;
> +				cpu_to_le32(arg->hint_bssid[i].freq_flags);
>  			ether_addr_copy(&arg->hint_bssid[i].bssid.addr[0],
>  					&hint_bssid->bssid.addr[0]);

the src and dst are wrongly swapped, should be

ether_addr_copy(&hint_bssid->bssid.addr[0], &arg->hint_bssid[i].bssid.addr[0]);

However since this is a pre-exising issue and not related to endian handling, not sure if
we should fix it as well in the same patch.

Jeff, your thought?

>  			hint_bssid++;
> diff --git a/drivers/net/wireless/ath/ath12k/wmi.h b/drivers/net/wireless/ath/ath12k/wmi.h
> index 51f3426e1fcd..52e6068d9a64 100644
> --- a/drivers/net/wireless/ath/ath12k/wmi.h
> +++ b/drivers/net/wireless/ath/ath12k/wmi.h
> @@ -3556,6 +3556,16 @@ struct ath12k_wmi_hint_bssid_arg {
>  	struct ath12k_wmi_mac_addr_params bssid;
>  };
>  
> +struct ath12k_wmi_hint_short_ssid_params {
> +	__le32 freq_flags;
> +	__le32 short_ssid;
> +};
> +
> +struct ath12k_wmi_hint_bssid_params {
> +	__le32 freq_flags;
> +	struct ath12k_wmi_mac_addr_params bssid;
> +};
> +
>  struct ath12k_wmi_scan_req_arg {
>  	u32 scan_id;
>  	u32 scan_req_id;
> 
> ---
> base-commit: fa1b1469f1c5f0f54ed9dab80106a117e7736bfd
> change-id: 20260317-fix-channel-list-copy-cef5cad24fb6
> 
> Best regards,


      parent reply	other threads:[~2026-07-03  8:18 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-03  7:35 [PATCH v2] wifi: ath12k: fix scan command endianness on big endian Alexander Wilhelm
2026-07-03  7:46 ` Baochen Qiang
2026-07-03  8:18 ` Baochen Qiang [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=afbff608-a005-43c4-af76-968a58bf0cc3@oss.qualcomm.com \
    --to=baochen.qiang@oss.qualcomm.com \
    --cc=alexander.wilhelm@westermo.com \
    --cc=ath12k@lists.infradead.org \
    --cc=jjohnson@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox