UBSAN warns if use_chanctx but not implement ops get_txpower(), because
sdata->vif.bss_conf.txpower is still INT_MIN during ieee80211_register_hw().
To fix this simply, return error to indicate dbm is invalid, and then
doesn't report the value to user space at that moment.
UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5
-2147483648 * 100 cannot be represented in type 'int'
CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE
Call Trace:
dump_stack+0x74/0x92
ubsan_epilogue+0x9/0x50
handle_overflow+0x8d/0xd0
? nla_put+0x5e/0xc0
__ubsan_handle_mul_overflow+0xe/0x10
nl80211_send_iface+0x688/0x6b0 [cfg80211]
? __alloc_skb+0x9b/0x1f0
nl80211_notify_iface+0x4d/0xb0 [cfg80211]
cfg80211_register_wdev+0x78/0xb0 [cfg80211]
cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]
? _raw_spin_unlock_bh+0x1e/0x20
? igmp6_group_added+0x6f/0xe0
? _raw_spin_unlock_bh+0x1e/0x20
? mld_del_delrec+0xf8/0x170
? __ipv6_dev_mc_inc+0x1fe/0x460
? ipv6_dev_mc_inc+0x10/0x20
? ipv6_add_dev+0x476/0x630
? addrconf_notify+0x31a/0xcf0
? inetdev_init+0x11a/0x1d0
? inetdev_event+0x4c2/0x640
? skb_dequeue+0x60/0x70
raw_notifier_call_chain+0x5c/0xa0
call_netdevice_notifiers_info+0x52/0xb0
register_netdevice+0x53e/0x640
ieee80211_if_add+0x60e/0x8f0 [mac80211]
ieee80211_register_hw+0xda5/0x1170 [mac80211]
? ieee80211_register_hw+0xda5/0x1170 [mac80211]
? rtw89_regd_init+0xf0/0xf0 [rtw89_core]
rtw89_core_register+0x206/0x860 [rtw89_core]
rtw89_pci_probe+0x7fe/0xce0 [rtw89_pci]
local_pci_probe+0x47/0xa0
Cc: Zong-Zhe Yang <[email protected]>
Signed-off-by: Ping-Ke Shih <[email protected]>
---
net/mac80211/cfg.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index f5d43f42f6d8a..d70198420e527 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -3033,6 +3033,10 @@ static int ieee80211_get_tx_power(struct wiphy *wiphy,
else
*dbm = sdata->vif.bss_conf.txpower;
+ /* With use_chanctx, txpower could be INT_MIN causing UBSAN warning. */
+ if (*dbm == INT_MIN)
+ return -EINVAL;
+
return 0;
}
--
2.25.1