From: Rahul Bhattacharjee <quic_rbhattac@quicinc.com>
To: <ath11k@lists.infradead.org>
Cc: <linux-wireless@vger.kernel.org>,
Rahul Bhattacharjee <quic_rbhattac@quicinc.com>
Subject: [PATCH] wifi: ath11k: Fix qmi_msg_handler data structure initialization
Date: Fri, 21 Oct 2022 14:31:26 +0530 [thread overview]
Message-ID: <20221021090126.28626-1-quic_rbhattac@quicinc.com> (raw)
qmi_msg_handler is required to be null terminated by QMI module.
There might be a case where a handler for a msg id is not present in the
handlers array which can lead to infinite loop while searching the handler
and therefore out of bound access in qmi_invoke_handler().
Hence update the initialization in qmi_msg_handler data structure.
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01100-QCAHKSWPL_SILICONZ-1
Signed-off-by: Rahul Bhattacharjee <quic_rbhattac@quicinc.com>
---
drivers/net/wireless/ath/ath11k/qmi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c
index 145f20a681bd..bda4921208cc 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
@@ -3090,6 +3090,7 @@ static const struct qmi_msg_handler ath11k_qmi_msg_handlers[] = {
sizeof(struct qmi_wlfw_fw_init_done_ind_msg_v01),
.fn = ath11k_qmi_msg_fw_init_done_cb,
},
+ {/* end of list */}
};
static int ath11k_qmi_ops_new_server(struct qmi_handle *qmi_hdl,
base-commit: 087c436cbc8b1bf3d3bc7ea94d6757d74ea2f470
--
2.38.0
WARNING: multiple messages have this Message-ID (diff)
From: Rahul Bhattacharjee <quic_rbhattac@quicinc.com>
To: <ath11k@lists.infradead.org>
Cc: <linux-wireless@vger.kernel.org>,
Rahul Bhattacharjee <quic_rbhattac@quicinc.com>
Subject: [PATCH] wifi: ath11k: Fix qmi_msg_handler data structure initialization
Date: Fri, 21 Oct 2022 14:31:26 +0530 [thread overview]
Message-ID: <20221021090126.28626-1-quic_rbhattac@quicinc.com> (raw)
qmi_msg_handler is required to be null terminated by QMI module.
There might be a case where a handler for a msg id is not present in the
handlers array which can lead to infinite loop while searching the handler
and therefore out of bound access in qmi_invoke_handler().
Hence update the initialization in qmi_msg_handler data structure.
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01100-QCAHKSWPL_SILICONZ-1
Signed-off-by: Rahul Bhattacharjee <quic_rbhattac@quicinc.com>
---
drivers/net/wireless/ath/ath11k/qmi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c
index 145f20a681bd..bda4921208cc 100644
--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
@@ -3090,6 +3090,7 @@ static const struct qmi_msg_handler ath11k_qmi_msg_handlers[] = {
sizeof(struct qmi_wlfw_fw_init_done_ind_msg_v01),
.fn = ath11k_qmi_msg_fw_init_done_cb,
},
+ {/* end of list */}
};
static int ath11k_qmi_ops_new_server(struct qmi_handle *qmi_hdl,
base-commit: 087c436cbc8b1bf3d3bc7ea94d6757d74ea2f470
--
2.38.0
--
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
next reply other threads:[~2022-10-21 9:01 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-21 9:01 Rahul Bhattacharjee [this message]
2022-10-21 9:01 ` [PATCH] wifi: ath11k: Fix qmi_msg_handler data structure initialization Rahul Bhattacharjee
2022-10-26 19:46 ` Joseph S. Barrera III
2022-10-26 19:46 ` Joseph S. Barrera III
2022-10-28 10:44 ` Kalle Valo
2022-10-28 10:44 ` Kalle Valo
2022-10-28 10:49 ` Rahul Bhattacharjee
2022-10-28 10:49 ` Rahul Bhattacharjee
2022-10-28 13:25 ` Joseph S. Barrera III
2022-10-28 13:25 ` Joseph S. Barrera III
2022-11-02 15:53 ` Kalle Valo
2022-11-02 15:53 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221021090126.28626-1-quic_rbhattac@quicinc.com \
--to=quic_rbhattac@quicinc.com \
--cc=ath11k@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.