| Message ID | 20230203023636.4418-1-pkshih@realtek.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Johannes Berg |
| Headers | show |
| Series | wifi: mac80211: make ieee80211_get_tx_power() return error if tx_power is INT_MIN | expand |
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index f5d43f42f6d8a..d70198420e527 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -3033,6 +3033,10 @@ static int ieee80211_get_tx_power(struct wiphy *wiphy, else *dbm = sdata->vif.bss_conf.txpower; + /* With use_chanctx, txpower could be INT_MIN causing UBSAN warning. */ + if (*dbm == INT_MIN) + return -EINVAL; + return 0; }
UBSAN warns if use_chanctx but not implement ops get_txpower(), because sdata->vif.bss_conf.txpower is still INT_MIN during ieee80211_register_hw(). To fix this simply, return error to indicate dbm is invalid, and then doesn't report the value to user space at that moment. UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 * 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dump_stack+0x74/0x92 ubsan_epilogue+0x9/0x50 handle_overflow+0x8d/0xd0 ? nla_put+0x5e/0xc0 __ubsan_handle_mul_overflow+0xe/0x10 nl80211_send_iface+0x688/0x6b0 [cfg80211] ? __alloc_skb+0x9b/0x1f0 nl80211_notify_iface+0x4d/0xb0 [cfg80211] cfg80211_register_wdev+0x78/0xb0 [cfg80211] cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211] ? _raw_spin_unlock_bh+0x1e/0x20 ? igmp6_group_added+0x6f/0xe0 ? _raw_spin_unlock_bh+0x1e/0x20 ? mld_del_delrec+0xf8/0x170 ? __ipv6_dev_mc_inc+0x1fe/0x460 ? ipv6_dev_mc_inc+0x10/0x20 ? ipv6_add_dev+0x476/0x630 ? addrconf_notify+0x31a/0xcf0 ? inetdev_init+0x11a/0x1d0 ? inetdev_event+0x4c2/0x640 ? skb_dequeue+0x60/0x70 raw_notifier_call_chain+0x5c/0xa0 call_netdevice_notifiers_info+0x52/0xb0 register_netdevice+0x53e/0x640 ieee80211_if_add+0x60e/0x8f0 [mac80211] ieee80211_register_hw+0xda5/0x1170 [mac80211] ? ieee80211_register_hw+0xda5/0x1170 [mac80211] ? rtw89_regd_init+0xf0/0xf0 [rtw89_core] rtw89_core_register+0x206/0x860 [rtw89_core] rtw89_pci_probe+0x7fe/0xce0 [rtw89_pci] local_pci_probe+0x47/0xa0 Cc: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> --- net/mac80211/cfg.c | 4 ++++ 1 file changed, 4 insertions(+)