Skip to content

AP_GPS: downgrade fix status when reported location is uninitialised#33142

Open
dakejahl wants to merge 1 commit into
ArduPilot:masterfrom
dakejahl:fix/ap-gps-reject-uninitialised-location
Open

AP_GPS: downgrade fix status when reported location is uninitialised#33142
dakejahl wants to merge 1 commit into
ArduPilot:masterfrom
dakejahl:fix/ap-gps-reject-uninitialised-location

Conversation

@dakejahl
Copy link
Copy Markdown
Contributor

@dakejahl dakejahl commented May 21, 2026

Summary

A GPS backend publishing status >= FIX_2D with lat == lng == 0 is a contract violation. Observed from a ublox M9N behind a DroneCAN node during cold start under jamming/spoofing. Catch it once in AP_GPS::update_instance() so no downstream consumer latches (0,0).

Supersedes #33141 and #33135.

Problem

AP_GPS::update_instance() publishes whatever each backend writes into state[i]. When the (status, location) pair is inconsistent, the bad coordinates flow straight through to AP_AHRS_DCM (latches (0,0) as the dead-reckoning origin), the DroneCAN re-broadcast, Lua scripts via gps:location(), and anything else that gates only on status >= FIX_2D.

Solution

In update_instance(), immediately after a successful read() and before fix-timing accounting, downgrade state[i].status to NONE when status >= FIX_2D && lat == 0 && lng == 0. One chokepoint, no per-consumer churn. Inline comment explains the observed conditions.

@dakejahl
AP_GPS: downgrade fix status when reported location is uninitialised
b7cc4c1 
A backend publishing status>=FIX_2D with lat==lng==0 is reporting a
lock it does not have. Squash to NONE in update_instance() before any
downstream consumer reads state[], so AHRS, the EKF, terrain, arming,
set_home, Lua bindings and the DroneCAN re-broadcast cannot latch
(0,0). See the inline comment for the observed conditions and the
other backends reachable with the same shape.
dakejahl
dakejahl commented May 21, 2026
View reviewed changes
Comment thread libraries/AP_GPS/AP_GPS.cpp
// the AP_DroneCAN GPS re-broadcast safe with one check. We use
// a direct lat==0 && lng==0 predicate rather than
// Location::initialised() because the latter also treats
// (0, 0, alt!=0) as initialised, which a spoofer can produce.
Copy link
Copy Markdown
Contributor Author

@dakejahl dakejahl May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@peterbarker

with a really big comment explaining what you've seen!

Claude really took the suggestion seriously 😂

@tpwrules
Copy link
Copy Markdown
Contributor

tpwrules commented May 21, 2026
edited
Loading

You say this is easy to replicate, can you get a bus data trace to confirm this is what's happening? There is this funny waf --enable-gps-logging which IIRC writes the serial stream from the GPS to a file on the SD card. This would let us decode the packets and confirm the GPS is fibbing.

It's easy to believe the GPS may also fib its last known location in RAM or other similar things. This might be something that just can't be defended against.

@dakejahl
Copy link
Copy Markdown
Contributor Author

dakejahl commented May 21, 2026

You say this is easy to replicate, can you get a bus data trace to confirm this is what's happening?

Yeah I'll test again during normal hours when the production line is running.

This might be something that just can't be defended against.

Right, but we could try to minimize the fallout, terrain tile cache seeding and dead reckoning reference location. There's probably more, that's just what Claude flagged. Anyway this all fell out of some QGC warning spam I saw while working on something tangential, figured I'd try to patch the issue at the source rather than just fixing QGC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dakejahl @tpwrules