Commit 708243c6 authored by Antonio Quartulli's avatar Antonio Quartulli Committed by Johannes Berg
Browse files

wifi: mac80211: fix unassigned variable access 



In ieee80211_latest_active_link_conn_timeout() we loop over all
sta->links in order to compute the timeout expiring last across
all links.

Such timeout is stored in `latest_timeout` which is used in the
time_after() comparison before having been initialized.

Fix this behaviour by initializing the variable to `jiffies` and
adapt surrouding conditions accordingly.

Note that the caller assumed latest_timeout to be 0 if no active
link was found. This is not appropriate because jiffies=0 is a
valid (and recurrent, although not often) point in time.
By using `jiffies` as default value for latest_timeout, we can
fix the caller as well.

Address-Coverity-ID: 1647986 ("Uninitialized variables (UNINIT)")
Fixes: 1bc892d7 ("wifi: mac80211: extend connection monitoring for MLO")
Signed-off-by: default avatarAntonio Quartulli <antonio@mandelbit.com>
Link: https://patch.msgid.link/20250722120634.3501-1-antonio@mandelbit.com


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 69fdb084

net/mac80211/mlme.c

+3 −4
Original line number Diff line number Diff line
@@ -8521,7 +8521,7 @@ static void ieee80211_sta_bcn_mon_timer(struct timer_list *t) 
static unsigned long

ieee80211_latest_active_link_conn_timeout(struct ieee80211_sub_if_data *sdata)

{

	unsigned long latest_timeout;

	unsigned long latest_timeout = jiffies;

	unsigned int link_id;

	struct sta_info *sta;
@@ -8554,8 +8554,7 @@ ieee80211_latest_active_link_conn_timeout(struct ieee80211_sub_if_data *sdata) 
		 * is still active, and it is scheduled to fire at

		 * the latest possible timeout.

		 */

		if (time_is_after_jiffies(timeout) &&

		    time_after(timeout, latest_timeout))

		if (time_after(timeout, latest_timeout))

			latest_timeout = timeout;

	}
@@ -8579,7 +8578,7 @@ static void ieee80211_sta_conn_mon_timer(struct timer_list *t) 
	 * If latest timeout is after now, then update timer to fire at

	 * the later date, but do not actually probe at this time.

	 */

	if (latest_timeout) {

	if (time_is_after_jiffies(latest_timeout)) {

		mod_timer(&ifmgd->conn_mon_timer,

			  round_jiffies_up(latest_timeout));

		return;