From 708243c62efde8241e2c66e9c3f377658855149d Mon Sep 17 00:00:00 2001 From: Antonio Quartulli Date: Tue, 22 Jul 2025 14:06:34 +0200 Subject: [PATCH] wifi: mac80211: fix unassigned variable access In ieee80211_latest_active_link_conn_timeout() we loop over all sta->links in order to compute the timeout expiring last across all links. Such timeout is stored in `latest_timeout` which is used in the time_after() comparison before having been initialized. Fix this behaviour by initializing the variable to `jiffies` and adapt surrouding conditions accordingly. Note that the caller assumed latest_timeout to be 0 if no active link was found. This is not appropriate because jiffies=0 is a valid (and recurrent, although not often) point in time. By using `jiffies` as default value for latest_timeout, we can fix the caller as well. Address-Coverity-ID: 1647986 ("Uninitialized variables (UNINIT)") Fixes: 1bc892d76a6f ("wifi: mac80211: extend connection monitoring for MLO") Signed-off-by: Antonio Quartulli Link: https://patch.msgid.link/20250722120634.3501-1-antonio@mandelbit.com Signed-off-by: Johannes Berg --- net/mac80211/mlme.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index b4b7ea52c65e0..1008eb8e9b13b 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -8521,7 +8521,7 @@ static void ieee80211_sta_bcn_mon_timer(struct timer_list *t) static unsigned long ieee80211_latest_active_link_conn_timeout(struct ieee80211_sub_if_data *sdata) { - unsigned long latest_timeout; + unsigned long latest_timeout = jiffies; unsigned int link_id; struct sta_info *sta; @@ -8554,8 +8554,7 @@ ieee80211_latest_active_link_conn_timeout(struct ieee80211_sub_if_data *sdata) * is still active, and it is scheduled to fire at * the latest possible timeout. */ - if (time_is_after_jiffies(timeout) && - time_after(timeout, latest_timeout)) + if (time_after(timeout, latest_timeout)) latest_timeout = timeout; } @@ -8579,7 +8578,7 @@ static void ieee80211_sta_conn_mon_timer(struct timer_list *t) * If latest timeout is after now, then update timer to fire at * the later date, but do not actually probe at this time. */ - if (latest_timeout) { + if (time_is_after_jiffies(latest_timeout)) { mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(latest_timeout)); return; -- 2.47.2