Re: [PATCH wireless] wifi: mac80211_hwsim: avoid division by zero in mac80211_hwsim_write_tsf()

Next message: Paul E. McKenney: "Re: [PATCHv2 05/17] nvme: add Clang context annotations for nvme_ns_head::current_path"
Previous message: Mahad Ibrahim: "Re: [PATCH v2] fuse: replace passthrough backing-id IDR with a counter and hashtable"
In reply to: Hojun Choi: "Re: [PATCH] wifi: mac80211_hwsim: avoid division by zero in mac80211_hwsim_write_tsf()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Serhat Kumral

Date: Sat Jun 27 2026 - 13:14:27 EST

Thanks a lot for the independent confirmation and for tracking down the
exact mechanism -- the OOB read landing inside struct mac80211_hwsim_data
(via sband->bitrates = data->rates) explains precisely why KASAN stays
quiet. Appreciate you sharing the reproducer too.

On hardening ieee80211_get_tx_rate() centrally: I'd defer to Johannes on
the preferred direction, since it touches callers across several drivers
(ath5k, adm8211, and likely others) that currently dereference the
return value without a NULL check -- any change there needs an audit of
all of them, which felt out of scope for this fix. If it's considered
worth doing, I'd be happy to help with that audit.