From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Wen Gong <quic_wgong@quicinc.com>,
Kalle Valo <quic_kvalo@quicinc.com>,
Sasha Levin <sashal@kernel.org>,
kvalo@kernel.org, quic_jjohnson@quicinc.com,
ath12k@lists.infradead.org, linux-wireless@vger.kernel.org
Subject: [PATCH AUTOSEL 6.5 17/45] wifi: ath12k: avoid array overflow of hw mode for preferred_hw_mode
Date: Fri, 8 Sep 2023 14:12:58 -0400 [thread overview]
Message-ID: <20230908181327.3459042-17-sashal@kernel.org> (raw)
In-Reply-To: <20230908181327.3459042-1-sashal@kernel.org>
From: Wen Gong <quic_wgong@quicinc.com>
[ Upstream commit 1e9b1363e2de1552ee4e3d74ac8bb43a194f1cb4 ]
Currently ath12k define WMI_HOST_HW_MODE_DBS_OR_SBS=5 as max hw mode
for enum wmi_host_hw_mode_config_type, it is also same for the array
ath12k_hw_mode_pri_map.
When tested with new version firmware/board data which support new
hw mode eMLSR mode with hw mode value 8, it leads overflow usage for
array ath12k_hw_mode_pri_map in function ath12k_wmi_hw_mode_caps(),
and then lead preferred_hw_mode changed to 8, and finally function
ath12k_pull_mac_phy_cap_svc_ready_ext() select the capability of hw
mode 8, but the capability of eMLSR mode report from firmware does
not support 2.4 GHz band for WCN7850, so finally 2.4 GHz band is
disabled.
Skip the hw mode which exceeds WMI_HOST_HW_MODE_MAX in function
ath12k_wmi_hw_mode_caps() helps to avoid array overflow, then the 2.4
GHz band will not be disabled.
This is to keep compatibility with newer version firmware/board data
files, this change is still needed after ath12k add eMLSR hw mode 8 in
array ath12k_hw_mode_pri_map and enum wmi_host_hw_mode_config_type,
because more hw mode maybe added in next firmware/board data version
e.g hw mode 9, then it will also lead new array overflow without this
change.
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230714072405.28705-1-quic_wgong@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath12k/wmi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
index 4928e4e916603..4f378f06e946e 100644
--- a/drivers/net/wireless/ath/ath12k/wmi.c
+++ b/drivers/net/wireless/ath/ath12k/wmi.c
@@ -3704,6 +3704,10 @@ static int ath12k_wmi_hw_mode_caps(struct ath12k_base *soc,
for (i = 0 ; i < svc_rdy_ext->n_hw_mode_caps; i++) {
hw_mode_caps = &svc_rdy_ext->hw_mode_caps[i];
mode = le32_to_cpu(hw_mode_caps->hw_mode_id);
+
+ if (mode >= WMI_HOST_HW_MODE_MAX)
+ continue;
+
pref = soc->wmi_ab.preferred_hw_mode;
if (ath12k_hw_mode_pri_map[mode] < ath12k_hw_mode_pri_map[pref]) {
--
2.40.1
next prev parent reply other threads:[~2023-09-08 18:17 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-08 18:12 [PATCH AUTOSEL 6.5 01/45] spi: sun6i: add quirk for dual and quad SPI modes support Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 02/45] devlink: remove reload failed checks in params get/set callbacks Sasha Levin
2023-09-08 21:27 ` Jakub Kicinski
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 03/45] crypto: lrw,xts - Replace strlcpy with strscpy Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 04/45] regulator: max77857: Add ADI MAX77857/59/MAX77831 Regulator Support Sasha Levin
2023-09-08 23:16 ` Mark Brown
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 05/45] net: stmmac: use per-queue 64 bit statistics where necessary Sasha Levin
2023-09-13 14:43 ` Jisheng Zhang
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 06/45] ice: Don't tx before switchdev is fully configured Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 07/45] wifi: ath9k: fix fortify warnings Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 08/45] wifi: ath9k: fix printk specifier Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 09/45] wifi: rtw88: delete timer and free skb queue when unloading Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 10/45] wifi: mwifiex: fix fortify warning Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 11/45] mt76: mt7921: don't assume adequate headroom for SDIO headers Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 12/45] wifi: wil6210: fix fortify warnings Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 13/45] can: sun4i_can: Add acceptance register quirk Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 14/45] can: sun4i_can: Add support for the Allwinner D1 Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 15/45] net: Use sockaddr_storage for getsockopt(SO_PEERNAME) Sasha Levin
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 16/45] wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan() Sasha Levin
2023-09-08 18:12 ` Sasha Levin [this message]
2023-09-08 18:12 ` [PATCH AUTOSEL 6.5 18/45] net/ipv4: return the real errno instead of -EINVAL Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 19/45] net: annotate data-races around sock->ops Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 20/45] crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 21/45] Bluetooth: btusb: Add device 0489:e0f5 as MT7922 device Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 22/45] Bluetooth: btusb: Add a new VID/PID 0489/e0f6 for MT7922 Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 23/45] Bluetooth: btusb: Add new VID/PID 0489/e102 " Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 24/45] Bluetooth: btusb: Add new VID/PID 04ca/3804 " Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 25/45] Bluetooth: Fix hci_suspend_sync crash Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 26/45] Bluetooth: btusb: Add support for another MediaTek 7922 VID/PID Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 27/45] netlink: convert nlk->flags to atomic flags Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 28/45] tpm_tis: Resend command to recover from data transfer errors Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 29/45] mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 30/45] alx: fix OOB-read compiler warning Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 31/45] wifi: iwlwifi: pcie: avoid a warning in case prepare card failed Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 32/45] wifi: mac80211: check S1G action frame size Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 33/45] netfilter: ebtables: fix fortify warnings in size_entry_mwt() Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 34/45] wifi: cfg80211: reject auth/assoc to AP with our address Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 35/45] wifi: cfg80211: ocb: don't leave if not joined Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 36/45] wifi: mac80211: check for station first in client probe Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 37/45] wifi: mac80211_hwsim: drop short frames Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 38/45] Revert "wifi: mac80211_hwsim: check the return value of nla_put_u32" Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 39/45] libbpf: Free btf_vmlinux when closing bpf_object Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 40/45] wifi: ath12k: Fix memory leak in rx_desc and tx_desc Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 41/45] Bluetooth: btusb: Fix quirks table naming Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 42/45] wifi: ath12k: add check max message length while scanning with extraie Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 43/45] Fix nomenclature for USB and PCI wireless devices Sasha Levin
2023-09-08 19:12 ` Alan Stern
2023-09-08 21:31 ` Greg Kroah-Hartman
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 44/45] bpf: Consider non-owning refs trusted Sasha Levin
2023-09-08 18:13 ` [PATCH AUTOSEL 6.5 45/45] bpf: Consider non-owning refs to refcounted nodes RCU protected Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230908181327.3459042-17-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ath12k@lists.infradead.org \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=quic_jjohnson@quicinc.com \
--cc=quic_kvalo@quicinc.com \
--cc=quic_wgong@quicinc.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).