diff mbox series

wifi: ath12k: avoid array overflow of hw mode for preferred_hw_mode

Message ID 20230714072405.28705-1-quic_wgong@quicinc.com (mailing list archive)
State Accepted
Commit 1e9b1363e2de1552ee4e3d74ac8bb43a194f1cb4
Delegated to: Kalle Valo
Headers show
Series wifi: ath12k: avoid array overflow of hw mode for preferred_hw_mode | expand

Commit Message

Wen Gong July 14, 2023, 7:24 a.m. UTC
Currently ath12k define WMI_HOST_HW_MODE_DBS_OR_SBS=5 as max hw mode
for enum wmi_host_hw_mode_config_type, it is also same for the array
ath12k_hw_mode_pri_map.

When tested with new version firmware/board data which support new
hw mode eMLSR mode with hw mode value 8, it leads overflow usage for
array ath12k_hw_mode_pri_map in function ath12k_wmi_hw_mode_caps(),
and then lead preferred_hw_mode changed to 8, and finally function
ath12k_pull_mac_phy_cap_svc_ready_ext() select the capability of hw
mode 8, but the capability of eMLSR mode report from firmware does
not support 2.4 GHz band for WCN7850, so finally 2.4 GHz band is
disabled.

Skip the hw mode which exceeds WMI_HOST_HW_MODE_MAX in function
ath12k_wmi_hw_mode_caps() helps to avoid array overflow, then the 2.4
GHz band will not be disabled.

This is to keep compatibility with newer version firmware/board data
files, this change is still needed after ath12k add eMLSR hw mode 8 in
array ath12k_hw_mode_pri_map and enum wmi_host_hw_mode_config_type,
because more hw mode maybe added in next firmware/board data version
e.g hw mode 9, then it will also lead new array overflow without this
change.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
---
 drivers/net/wireless/ath/ath12k/wmi.c | 4 ++++
 1 file changed, 4 insertions(+)


base-commit: 0a00db612b6df1fad80485e3642529d1f28ea084

Comments

Kalle Valo Aug. 2, 2023, 4:58 p.m. UTC | #1
Wen Gong <quic_wgong@quicinc.com> wrote:

> Currently ath12k define WMI_HOST_HW_MODE_DBS_OR_SBS=5 as max hw mode
> for enum wmi_host_hw_mode_config_type, it is also same for the array
> ath12k_hw_mode_pri_map.
> 
> When tested with new version firmware/board data which support new
> hw mode eMLSR mode with hw mode value 8, it leads overflow usage for
> array ath12k_hw_mode_pri_map in function ath12k_wmi_hw_mode_caps(),
> and then lead preferred_hw_mode changed to 8, and finally function
> ath12k_pull_mac_phy_cap_svc_ready_ext() select the capability of hw
> mode 8, but the capability of eMLSR mode report from firmware does
> not support 2.4 GHz band for WCN7850, so finally 2.4 GHz band is
> disabled.
> 
> Skip the hw mode which exceeds WMI_HOST_HW_MODE_MAX in function
> ath12k_wmi_hw_mode_caps() helps to avoid array overflow, then the 2.4
> GHz band will not be disabled.
> 
> This is to keep compatibility with newer version firmware/board data
> files, this change is still needed after ath12k add eMLSR hw mode 8 in
> array ath12k_hw_mode_pri_map and enum wmi_host_hw_mode_config_type,
> because more hw mode maybe added in next firmware/board data version
> e.g hw mode 9, then it will also lead new array overflow without this
> change.
> 
> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
> 
> Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>

Patch applied to ath-next branch of ath.git, thanks.

1e9b1363e2de wifi: ath12k: avoid array overflow of hw mode for preferred_hw_mode
diff mbox series

Patch

diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
index 7ae0bb78b2b5..cef01148fc16 100644
--- a/drivers/net/wireless/ath/ath12k/wmi.c
+++ b/drivers/net/wireless/ath/ath12k/wmi.c
@@ -3701,6 +3701,10 @@  static int ath12k_wmi_hw_mode_caps(struct ath12k_base *soc,
 	for (i = 0 ; i < svc_rdy_ext->n_hw_mode_caps; i++) {
 		hw_mode_caps = &svc_rdy_ext->hw_mode_caps[i];
 		mode = le32_to_cpu(hw_mode_caps->hw_mode_id);
+
+		if (mode >= WMI_HOST_HW_MODE_MAX)
+			continue;
+
 		pref = soc->wmi_ab.preferred_hw_mode;
 
 		if (ath12k_hw_mode_pri_map[mode] < ath12k_hw_mode_pri_map[pref]) {