From nobody Mon Feb 9 18:18:24 2026 Received: from forward100d.mail.yandex.net (forward100d.mail.yandex.net [178.154.239.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 428DC1F30A4; Mon, 9 Feb 2026 03:03:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=178.154.239.211 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770606186; cv=none; b=mcyvo/TKamsbAVDgmBbVq9hxGw+uoU+5C++d7NgylsJDiyM7iSZujXKxiPfLDkVPGjZDUrJrYJPiiCBh4AGCT6SrnQPARugcQYoebo215qLRj0P+2L56KwPHgrJWaka+Yc3N00MdYhPh7I+sQPHM2QhNZC0b0o4x6udSrJ9vudw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770606186; c=relaxed/simple; bh=XV2WYtg7J8m9mPREpomkceBNFkGNsrTbN7bAzToa4Ho=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=u4YKYNHquIAt6RkQYV1Jz1rEaoOxx57Ug1U+SixfrB3D/safIQJYi9P/2WjQCQKH6ny+yOS+5gLgGTlPRHpogzCvXQbz5v/6Ukkc/uGua/qR8Hm5DaVPyha3IWIyrSVsH3TNeE3KegDFN7GnEYVwrpPXa5GD/+y8W2x8VwtwQG8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru; spf=pass smtp.mailfrom=yandex.ru; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b=LqtkhmxF; arc=none smtp.client-ip=178.154.239.211 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=yandex.ru Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b="LqtkhmxF" Received: from mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:190d:0:640:bab5:0]) by forward100d.mail.yandex.net (Yandex) with ESMTPS id E2C82C005B; Mon, 09 Feb 2026 06:02:56 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id s2H8uoNGO0U0-duZv1Cca; Mon, 09 Feb 2026 06:02:56 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1770606176; bh=+RQwyoKmfRyBBXSU6RgQl8En3RjfT4P9NFlE8zO5JL0=; h=Message-ID:Date:In-Reply-To:Cc:Subject:References:To:From; b=LqtkhmxFJf95LWbUkQIgbDTbPu1pziIZ8zwzLm/2yLF+cG1MNEOoqlMRlsp6AJEKS NoGkb1JqZgdcHk5f8UNPqZTicLbfuW74g1uPH4gPvwkwlCNdJuE7GPLcPsBkB6upmL IfU53r7FbweOKWTVh59uiC6Qwrl8W06x0yaK8KZ4= Authentication-Results: mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net; dkim=pass header.i=@yandex.ru From: m.limarencko@yandex.ru To: jjohnson@kernel.org Cc: linux-wireless@vger.kernel.org, ath12k@lists.infradead.org, linux-kernel@vger.kernel.org, Mikhail Limarenko Subject: [PATCH ath-next 1/4] wifi: ath12k: validate survey index when frequency is not found Date: Mon, 9 Feb 2026 06:02:40 +0300 Message-ID: <20260209030243.1530075-2-m.limarencko@yandex.ru> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260209030243.1530075-1-m.limarencko@yandex.ru> References: <20260209030243.1530075-1-m.limarencko@yandex.ru> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Mikhail Limarenko freq_to_idx() currently returns a monotonic index even when the frequency was never matched. In chan info paths this can lead to out-of-bounds survey indexing for unexpected frequency events. Return -EINVAL on no match and make callers reject negative indexes. Tested-on: QCNFA765 (WCN785x), kernel 6.18.5+deb13-amd64 Signed-off-by: Mikhail Limarenko --- drivers/net/wireless/ath/ath12k/wmi.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/a= th/ath12k/wmi.c index e647b84..422e3f8 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -6520,7 +6520,7 @@ static int freq_to_idx(struct ath12k *ar, int freq) if (!sband) continue; =20 - for (ch =3D 0; ch < sband->n_channels; ch++, idx++) { + for (ch =3D 0; ch < sband->n_channels; ch++) { if (sband->channels[ch].center_freq < KHZ_TO_MHZ(ar->freq_range.start_freq) || sband->channels[ch].center_freq > @@ -6528,12 +6528,13 @@ static int freq_to_idx(struct ath12k *ar, int freq) continue; =20 if (sband->channels[ch].center_freq =3D=3D freq) - goto exit; + return idx; + + idx++; } } =20 -exit: - return idx; + return -EINVAL; } =20 static int ath12k_pull_chan_info_ev(struct ath12k_base *ab, struct sk_buff= *skb, @@ -7475,7 +7476,7 @@ static void ath12k_chan_info_event(struct ath12k_base= *ab, struct sk_buff *skb) } =20 idx =3D freq_to_idx(ar, le32_to_cpu(ch_info_ev.freq)); - if (idx >=3D ARRAY_SIZE(ar->survey)) { + if (idx < 0 || idx >=3D ARRAY_SIZE(ar->survey)) { ath12k_warn(ab, "chan info: invalid frequency %d (idx %d out of bounds)\= n", ch_info_ev.freq, idx); goto exit; @@ -7550,7 +7551,7 @@ ath12k_pdev_bss_chan_info_event(struct ath12k_base *a= b, struct sk_buff *skb) =20 spin_lock_bh(&ar->data_lock); idx =3D freq_to_idx(ar, le32_to_cpu(bss_ch_info_ev.freq)); - if (idx >=3D ARRAY_SIZE(ar->survey)) { + if (idx < 0 || idx >=3D ARRAY_SIZE(ar->survey)) { ath12k_warn(ab, "bss chan info: invalid frequency %d (idx %d out of boun= ds)\n", bss_ch_info_ev.freq, idx); goto exit; --=20 2.47.3 From nobody Mon Feb 9 18:18:24 2026 Received: from forward103d.mail.yandex.net (forward103d.mail.yandex.net [178.154.239.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 217BB1D6193; Mon, 9 Feb 2026 03:03:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=178.154.239.214 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770606186; cv=none; b=EBfpD/ak3PIr0jCd82d6xhdLH6TFW8zrYUTysOnDb9BF3SGGt4zU3AIX8llClK4EME2mMaHGNbe0uyxlszLdULYeYCaONiE4zSMf9F1XwIG3xcTrHZfQW5I0KTYq4KUqWGoFyEe7gPvJLI1yqkxSBWgruzIzGMaVQeOJ350VwNk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770606186; c=relaxed/simple; bh=rcvmteF2gb00/oqKLKmzLGtIPzHXzW289FycTseOWss=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OVdJNlbjGs3d9CMhN4V3UUPilC9ZCmmSMn+aNQxgrORF464n5g8DdzrS+ipmS9AP8IijQiURg4+jFFsglhyqDPPdTZWQB/TwGQVWbK2r4+vQH1uElSIDC4ChCPTUbJDuhJ3t1jrrcCF96HM4jvT6WjsedyceK6Ofti3tbAnYpMk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru; spf=pass smtp.mailfrom=yandex.ru; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b=qZ67900V; arc=none smtp.client-ip=178.154.239.214 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=yandex.ru Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b="qZ67900V" Received: from mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:190d:0:640:bab5:0]) by forward103d.mail.yandex.net (Yandex) with ESMTPS id 83227C008A; Mon, 09 Feb 2026 06:02:57 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id s2H8uoNGO0U0-saJhHZHk; Mon, 09 Feb 2026 06:02:57 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1770606177; bh=58gkicXTfl/yMiEWBrqSzSMvFG/0h6/5ysLXoi5qXWA=; h=Message-ID:Date:In-Reply-To:Cc:Subject:References:To:From; b=qZ67900VQUsFfavFUU6Pf9RAn0BWh9ElivON3SIo8mPp4RYgwA7FO0D2/czMwSeLF cX5AbzPSS29BluZQxd9JLgw6sX+wOHPRSsmkE0FWFY0nGDmwKZddl/NTuGp+RVFS8r N6r6S+I1NYJMyCeGNm/tX0xBi3YYc1Gd7BDbDszY= Authentication-Results: mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net; dkim=pass header.i=@yandex.ru From: m.limarencko@yandex.ru To: jjohnson@kernel.org Cc: linux-wireless@vger.kernel.org, ath12k@lists.infradead.org, linux-kernel@vger.kernel.org, Mikhail Limarenko Subject: [PATCH ath-next 2/4] wifi: ath12k: avoid long fw_stats waits on vdev stats hot path Date: Mon, 9 Feb 2026 06:02:41 +0300 Message-ID: <20260209030243.1530075-3-m.limarencko@yandex.ru> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260209030243.1530075-1-m.limarencko@yandex.ru> References: <20260209030243.1530075-1-m.limarencko@yandex.ru> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Mikhail Limarenko Station info requests can trigger frequent VDEV stat pulls from user space (iw/NM polling). On affected firmware, waiting 3 seconds for fw_stats_done causes repeated stalls and visible hitches. Use a short timeout for VDEV_STAT requests and skip unnecessary waits for stats types that do not need completion synchronization. Tested-on: QCNFA765 (WCN785x), kernel 6.18.5+deb13-amd64 Signed-off-by: Mikhail Limarenko --- drivers/net/wireless/ath/ath12k/mac.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/a= th/ath12k/mac.c index 095b49a..1b550e9 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -4829,6 +4829,7 @@ int ath12k_mac_get_fw_stats(struct ath12k *ar, { struct ath12k_base *ab =3D ar->ab; struct ath12k_hw *ah =3D ath12k_ar_to_ah(ar); + unsigned long done_timeout =3D 3 * HZ; unsigned long time_left; int ret; =20 @@ -4859,15 +4860,32 @@ int ath12k_mac_get_fw_stats(struct ath12k *ar, return -ETIMEDOUT; } =20 + /* VDEV stats are queried frequently from station info paths (e.g. iw/NM). + * On buggy firmware this path can timeout repeatedly and block callers f= or + * multiple seconds; keep the hot path responsive while preserving behavi= or + * for other stats types. + */ + if (param->stats_id & WMI_REQUEST_VDEV_STAT) + done_timeout =3D msecs_to_jiffies(200); + + /* Non-vdev/bcn stats are handled in a single event. */ + if (!(param->stats_id & (WMI_REQUEST_VDEV_STAT | WMI_REQUEST_BCN_STAT))) + return 0; + /* Firmware sends WMI_UPDATE_STATS_EVENTID back-to-back * when stats data buffer limit is reached. fw_stats_complete * is completed once host receives first event from firmware, but * still there could be more events following. Below is to wait * until firmware completes sending all the events. */ - time_left =3D wait_for_completion_timeout(&ar->fw_stats_done, 3 * HZ); + time_left =3D wait_for_completion_timeout(&ar->fw_stats_done, done_timeou= t); if (!time_left) { - ath12k_warn(ab, "time out while waiting for fw stats done\n"); + if (param->stats_id & WMI_REQUEST_VDEV_STAT) + ath12k_dbg(ab, ATH12K_DBG_WMI, + "time out while waiting for fw stats done (stats_id 0x%x)\n", + param->stats_id); + else + ath12k_warn(ab, "time out while waiting for fw stats done\n"); return -ETIMEDOUT; } =20 --=20 2.47.3 From nobody Mon Feb 9 18:18:24 2026 Received: from forward101d.mail.yandex.net (forward101d.mail.yandex.net [178.154.239.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BF6B122836C; Mon, 9 Feb 2026 03:03:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=178.154.239.212 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770606186; cv=none; b=FtkHqLNRerYQkjhga6sV5Elv7FiFcQWHSX9i02pAQ9Jrn+ccWStu+CC63zcYLwJD7ZcXaP7WnZsS6XL423FSo1qBaFUPaRt31q7EEhm8iZyWqcUG5SYSj1xBZOHD7s2na3gvpT4BK8Dm89Cu2HZYPrSs41nUmqkT94gAz4Xa1Qg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770606186; c=relaxed/simple; bh=yiIjT8QBpch/u0ui/vy8LKtqe7lHi4xzIoxFhBemH7s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=o9m9xmbYxc9XSiVKbYTIXtY+qWpRC6CXHdjsUNsNDUEJq9cQUiSy6QI/YF8NROONed99ulz4+PtlGfsr0SEPUp+fJdgnpqlumQEEbkFNsS5XwmKj91YMYyQ+gHjHU7t1xcsWbl5TPxBWUgIYIt0w6yMZgArcO+TzfPPfLSaafk4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru; spf=pass smtp.mailfrom=yandex.ru; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b=bZCmoPnr; arc=none smtp.client-ip=178.154.239.212 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=yandex.ru Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b="bZCmoPnr" Received: from mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:190d:0:640:bab5:0]) by forward101d.mail.yandex.net (Yandex) with ESMTPS id 407DBC007A; Mon, 09 Feb 2026 06:02:58 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id s2H8uoNGO0U0-mHKt1Oao; Mon, 09 Feb 2026 06:02:57 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1770606177; bh=vhPBz7+tj7yd+44S6wLmgT5a0ZZddDSRoKD28qCw7Ps=; h=Message-ID:Date:In-Reply-To:Cc:Subject:References:To:From; b=bZCmoPnr/0ZZ5DNdGx5ZUaLOr2AHCQ8Wl5WAAJoXcz6YDM74fJQH9g/4kaVcapoBC 7+j3Oal/+vsOwJ6dJVgzFH5SFUgBljoFaWafkqkH+NRCRNVaxypZ5hTdlznaZj+YLu YImDJgkIsWmyzzOGj1stgHvY2Psgd0hNQwaqpvsY= Authentication-Results: mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net; dkim=pass header.i=@yandex.ru From: m.limarencko@yandex.ru To: jjohnson@kernel.org Cc: linux-wireless@vger.kernel.org, ath12k@lists.infradead.org, linux-kernel@vger.kernel.org, Mikhail Limarenko Subject: [PATCH ath-next 3/4] wifi: ath12k: sanitize invalid MCS metadata in rx path Date: Mon, 9 Feb 2026 06:02:42 +0300 Message-ID: <20260209030243.1530075-4-m.limarencko@yandex.ru> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260209030243.1530075-1-m.limarencko@yandex.ru> References: <20260209030243.1530075-1-m.limarencko@yandex.ru> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Mikhail Limarenko Malformed or unsupported rate metadata from firmware can carry invalid MCS values into mac80211 status handling. This was observed with HE MCS=3D12 and coincided with ieee80211_rx_list warnings. When MCS is out of range, fall back to legacy metadata and use ratelimited diagnostics. Tested-on: QCNFA765 (WCN785x), kernel 6.18.5+deb13-amd64 Signed-off-by: Mikhail Limarenko --- drivers/net/wireless/ath/ath12k/dp_rx.c | 39 +++++++++++++++---------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless= /ath/ath12k/dp_rx.c index 99d29ed..f0c56a9 100644 --- a/drivers/net/wireless/ath/ath12k/dp_rx.c +++ b/drivers/net/wireless/ath/ath12k/dp_rx.c @@ -2534,9 +2534,11 @@ static void ath12k_dp_rx_h_rate(struct ath12k *ar, s= truct ath12k_dp_rx_info *rx_ case RX_MSDU_START_PKT_TYPE_11N: rx_status->encoding =3D RX_ENC_HT; if (rate_mcs > ATH12K_HT_MCS_MAX) { - ath12k_warn(ar->ab, - "Received with invalid mcs in HT mode %d\n", - rate_mcs); + dev_warn_ratelimited(ar->ab->dev, + "ath12k: invalid HT mcs %u, forcing legacy rate metadata\n", + rate_mcs); + rx_status->encoding =3D RX_ENC_LEGACY; + rx_status->rate_idx =3D 0; break; } rx_status->rate_idx =3D rate_mcs + (8 * (nss - 1)); @@ -2546,42 +2548,47 @@ static void ath12k_dp_rx_h_rate(struct ath12k *ar, = struct ath12k_dp_rx_info *rx_ break; case RX_MSDU_START_PKT_TYPE_11AC: rx_status->encoding =3D RX_ENC_VHT; - rx_status->rate_idx =3D rate_mcs; if (rate_mcs > ATH12K_VHT_MCS_MAX) { - ath12k_warn(ar->ab, - "Received with invalid mcs in VHT mode %d\n", - rate_mcs); + dev_warn_ratelimited(ar->ab->dev, + "ath12k: invalid VHT mcs %u, forcing legacy rate metadata\n", + rate_mcs); + rx_status->encoding =3D RX_ENC_LEGACY; + rx_status->rate_idx =3D 0; break; } + rx_status->rate_idx =3D rate_mcs; rx_status->nss =3D nss; if (sgi) rx_status->enc_flags |=3D RX_ENC_FLAG_SHORT_GI; rx_status->bw =3D ath12k_mac_bw_to_mac80211_bw(bw); break; case RX_MSDU_START_PKT_TYPE_11AX: - rx_status->rate_idx =3D rate_mcs; if (rate_mcs > ATH12K_HE_MCS_MAX) { - ath12k_warn(ar->ab, - "Received with invalid mcs in HE mode %d\n", - rate_mcs); + dev_warn_ratelimited(ar->ab->dev, + "ath12k: invalid HE mcs %u, forcing legacy rate metadata\n", + rate_mcs); + rx_status->encoding =3D RX_ENC_LEGACY; + rx_status->rate_idx =3D 0; break; } rx_status->encoding =3D RX_ENC_HE; + rx_status->rate_idx =3D rate_mcs; rx_status->nss =3D nss; rx_status->he_gi =3D ath12k_he_gi_to_nl80211_he_gi(sgi); rx_status->bw =3D ath12k_mac_bw_to_mac80211_bw(bw); break; case RX_MSDU_START_PKT_TYPE_11BE: - rx_status->rate_idx =3D rate_mcs; - if (rate_mcs > ATH12K_EHT_MCS_MAX) { - ath12k_warn(ar->ab, - "Received with invalid mcs in EHT mode %d\n", - rate_mcs); + dev_warn_ratelimited(ar->ab->dev, + "ath12k: invalid EHT mcs %u, forcing legacy rate metadata\n", + rate_mcs); + rx_status->encoding =3D RX_ENC_LEGACY; + rx_status->rate_idx =3D 0; break; } =20 rx_status->encoding =3D RX_ENC_EHT; + rx_status->rate_idx =3D rate_mcs; rx_status->nss =3D nss; rx_status->eht.gi =3D ath12k_mac_eht_gi_to_nl80211_eht_gi(sgi); rx_status->bw =3D ath12k_mac_bw_to_mac80211_bw(bw); --=20 2.47.3 From nobody Mon Feb 9 18:18:24 2026 Received: from forward103a.mail.yandex.net (forward103a.mail.yandex.net [178.154.239.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0F501301485; Mon, 9 Feb 2026 03:03:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=178.154.239.86 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770606188; cv=none; b=lYCBQ3IoC+zsl+Mik2XrOTB7BQIIcr8c8iQCcZaYLsSyishnYRowEb4otsushsuNv/ocUzb32Clsdvn3OUxUCwrNkjoHRKcV3xYMZZnPBWhXU0XhkuklilxDFJPsseMorrmJrFDJC8M84ARnfDTCpXpmc6IUV0zMP7tBHVJ4xxw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770606188; c=relaxed/simple; bh=i8e0Z5t7th9323WCkMyYpegZ/+lKN0RTpwAEcQcJNzs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QRjxExyj647VFDcLcqxj0+7j+IDeq8JJ6KiRDx6RlJQILwamFZV6n8VSo+ILe9VEI8muhqS9ykNFQ1gYCtRYbW5z92LyxIBrO0ovneyLSPG/iRVa/C04VNyJtzr6THUkWoXKVV/YMFWnh3z2MHf5vVCa//My8OxX6sbaWqwpyDU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru; spf=pass smtp.mailfrom=yandex.ru; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b=CjtLErJe; arc=none smtp.client-ip=178.154.239.86 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=yandex.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=yandex.ru Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=yandex.ru header.i=@yandex.ru header.b="CjtLErJe" Received: from mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net (mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net [IPv6:2a02:6b8:c0c:190d:0:640:bab5:0]) by forward103a.mail.yandex.net (Yandex) with ESMTPS id E9CE88087F; Mon, 09 Feb 2026 06:02:58 +0300 (MSK) Received: by mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net (smtp/Yandex) with ESMTPSA id s2H8uoNGO0U0-dI9Bbd29; Mon, 09 Feb 2026 06:02:58 +0300 X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1770606178; bh=l2rzyeifuTvLESFEtUsG8awO2sxZc/zhl6syNBHYDnA=; h=Message-ID:Date:In-Reply-To:Cc:Subject:References:To:From; b=CjtLErJesnAQ45HNe2kQZFyrnYE/fDffNbvekhw7czZzP4QK+JRQQg+YIuBqyt/4c yFkuAR7RIvC8n8wBP3BQMjmYsyCftIwsrEWNyM/xVr5p3vvO6lL+GKvXJ0EZqMi6K+ LpnQIlKtcMcSA4pRiy/eRq9kmFvYpn2nY8eGi9+Y= Authentication-Results: mail-nwsmtp-smtp-production-main-92.iva.yp-c.yandex.net; dkim=pass header.i=@yandex.ru From: m.limarencko@yandex.ru To: jjohnson@kernel.org Cc: linux-wireless@vger.kernel.org, ath12k@lists.infradead.org, linux-kernel@vger.kernel.org, Mikhail Limarenko Subject: [PATCH ath-next 4/4] wifi: ath12k: sanitize invalid MCS metadata in monitor rx path Date: Mon, 9 Feb 2026 06:02:43 +0300 Message-ID: <20260209030243.1530075-5-m.limarencko@yandex.ru> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260209030243.1530075-1-m.limarencko@yandex.ru> References: <20260209030243.1530075-1-m.limarencko@yandex.ru> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Mikhail Limarenko Apply the same invalid-MCS hardening in monitor path status conversion to keep metadata handling consistent in both data and monitor pipelines. Tested-on: QCNFA765 (WCN785x), kernel 6.18.5+deb13-amd64 Signed-off-by: Mikhail Limarenko --- drivers/net/wireless/ath/ath12k/dp_mon.c | 38 ++++++++++++++---------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_mon.c b/drivers/net/wireles= s/ath/ath12k/dp_mon.c index 009c495..6e894ef 100644 --- a/drivers/net/wireless/ath/ath12k/dp_mon.c +++ b/drivers/net/wireless/ath/ath12k/dp_mon.c @@ -1922,9 +1922,11 @@ ath12k_dp_mon_fill_rx_rate(struct ath12k *ar, case RX_MSDU_START_PKT_TYPE_11N: rx_status->encoding =3D RX_ENC_HT; if (rate_mcs > ATH12K_HT_MCS_MAX) { - ath12k_warn(ar->ab, - "Received with invalid mcs in HT mode %d\n", - rate_mcs); + dev_warn_ratelimited(ar->ab->dev, + "ath12k: invalid HT mcs %u in monitor path, forcing legacy rate = metadata\n", + rate_mcs); + rx_status->encoding =3D RX_ENC_LEGACY; + rx_status->rate_idx =3D 0; break; } rx_status->rate_idx =3D rate_mcs + (8 * (nss - 1)); @@ -1933,35 +1935,41 @@ ath12k_dp_mon_fill_rx_rate(struct ath12k *ar, break; case RX_MSDU_START_PKT_TYPE_11AC: rx_status->encoding =3D RX_ENC_VHT; - rx_status->rate_idx =3D rate_mcs; if (rate_mcs > ATH12K_VHT_MCS_MAX) { - ath12k_warn(ar->ab, - "Received with invalid mcs in VHT mode %d\n", - rate_mcs); + dev_warn_ratelimited(ar->ab->dev, + "ath12k: invalid VHT mcs %u in monitor path, forcing legacy rate= metadata\n", + rate_mcs); + rx_status->encoding =3D RX_ENC_LEGACY; + rx_status->rate_idx =3D 0; break; } + rx_status->rate_idx =3D rate_mcs; if (sgi) rx_status->enc_flags |=3D RX_ENC_FLAG_SHORT_GI; break; case RX_MSDU_START_PKT_TYPE_11AX: - rx_status->rate_idx =3D rate_mcs; if (rate_mcs > ATH12K_HE_MCS_MAX) { - ath12k_warn(ar->ab, - "Received with invalid mcs in HE mode %d\n", - rate_mcs); + dev_warn_ratelimited(ar->ab->dev, + "ath12k: invalid HE mcs %u in monitor path, forcing legacy rate = metadata\n", + rate_mcs); + rx_status->encoding =3D RX_ENC_LEGACY; + rx_status->rate_idx =3D 0; break; } + rx_status->rate_idx =3D rate_mcs; rx_status->encoding =3D RX_ENC_HE; rx_status->he_gi =3D ath12k_he_gi_to_nl80211_he_gi(sgi); break; case RX_MSDU_START_PKT_TYPE_11BE: - rx_status->rate_idx =3D rate_mcs; if (rate_mcs > ATH12K_EHT_MCS_MAX) { - ath12k_warn(ar->ab, - "Received with invalid mcs in EHT mode %d\n", - rate_mcs); + dev_warn_ratelimited(ar->ab->dev, + "ath12k: invalid EHT mcs %u in monitor path, forcing legacy rate= metadata\n", + rate_mcs); + rx_status->encoding =3D RX_ENC_LEGACY; + rx_status->rate_idx =3D 0; break; } + rx_status->rate_idx =3D rate_mcs; rx_status->encoding =3D RX_ENC_EHT; rx_status->he_gi =3D ath12k_he_gi_to_nl80211_he_gi(sgi); break; --=20 2.47.3