Commit 81594a12 authored Apr 27, 2026 by Rameshkumar Sundaram Committed by Jeff Johnson May 04, 2026

wifi: ath12k: initialize RSSI dBm conversion event state



Currently, the RSSI dBm conversion event handler leaves struct
ath12k_wmi_rssi_dbm_conv_info_arg uninitialized on the stack before
calling the TLV parser. If one of the optional sub-TLVs is absent, the
corresponding *_present flag retains stack garbage and later gets read
in ath12k_wmi_update_rssi_offsets(). With UBSAN enabled this triggers an
invalid-load report for _Bool:

UBSAN: invalid-load in drivers/net/wireless/ath/ath12k/wmi.c:9682:15
load of value 9 is not a valid value for type '_Bool'
Call Trace:
 ath12k_wmi_rssi_dbm_conversion_params_info_event.cold+0x72/0x85 [ath12k]
 ath12k_wmi_op_rx+0x1871/0x2ab0 [ath12k]
 ath12k_htc_rx_completion_handler+0x44b/0x810 [ath12k]
 ath12k_ce_recv_process_cb+0x554/0x9f0 [ath12k]
 ath12k_ce_per_engine_service+0xbe/0xf0 [ath12k]
 ath12k_pci_ce_workqueue+0x69/0x120 [ath12k]

Initialize the parsed event state to zero before passing it to the TLV
parser so missing sub-TLVs correctly leave the presence flags false.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1

Fixes: 0314ee81 ("wifi: ath12k: handle WMI event for real noise floor calculation")
Signed-off-by: Rameshkumar Sundaram <rameshkumar.sundaram@oss.qualcomm.com>
Reviewed-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
Link: https://patch.msgid.link/20260427103011.2983269-1-rameshkumar.sundaram@oss.qualcomm.com


Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>

parent 05c5078d

drivers/net/wireless/ath/ath12k/wmi.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -9778,7 +9778,7 @@ static void
		ath12k_wmi_rssi_dbm_conversion_params_info_event(struct ath12k_base *ab,
		struct sk_buff *skb)
		{
		struct ath12k_wmi_rssi_dbm_conv_info_arg rssi_info;
		struct ath12k_wmi_rssi_dbm_conv_info_arg rssi_info = {};
		struct ath12k *ar;
		s32 noise_floor;
		u32 pdev_id;