From: Dan Carpenter <dan.carpenter@oracle.com>
To: ryder.lee@mediatek.com
Cc: linux-wireless@vger.kernel.org, linux-mediatek@lists.infradead.org
Subject: [bug report] mt76: mt7615: fix CSA notification for DBDC
Date: Wed, 21 Apr 2021 13:20:10 +0300
Message-ID: <YH/8WvgUZtp51WEP@mwanda>

Hello Ryder Lee,

The patch 402a695b1ae6: "mt76: mt7615: fix CSA notification for DBDC"
from Feb 27, 2021, leads to the following static checker warning:

	drivers/net/wireless/mediatek/mt76/mt7615/mcu.c:385 mt7615_mcu_rx_csa_notify()
	error: undefined (user controlled) shift '(((1))) << (c->omac_idx)'

drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
   376  static void
   377  mt7615_mcu_rx_csa_notify(struct mt7615_dev *dev, struct sk_buff *skb)
   378  {
   379          struct mt7615_phy *ext_phy = mt7615_ext_phy(dev);
   380          struct mt76_phy *mphy = &dev->mt76.phy;
   381          struct mt7615_mcu_csa_notify *c;
   382  
   383          c = (struct mt7615_mcu_csa_notify *)skb->data;
                ^                                   ^^^^^^^^^
c is random data from the network

   384  
   385          if (ext_phy && ext_phy->omac_mask & BIT_ULL(c->omac_idx))
                                                            ^^^^^^^^^^^
Any value more than 61 will lead to undefined behavior.  (shift wrapping
mostly).

   386                  mphy = dev->mt76.phy2;
   387  
   388          ieee80211_iterate_active_interfaces_atomic(mphy->hw,
   389                          IEEE80211_IFACE_ITER_RESUME_ALL,
   390                          mt7615_mcu_csa_finish, mphy->hw);
   391  }

regards,
dan carpenter
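
The check the warning calls for, as an added userspace example (not part of the original message and not the mt76 driver's code): an index read from a received buffer is range-checked before it is used as a shift count. The reduced `struct csa_notify`, the function name `csa_selects_ext_phy()` and the 64-bit mask width are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for the kernel's BIT_ULL(); a shift count that is
 * not smaller than the width of unsigned long long is undefined in C. */
#define BIT_ULL(nr)    (1ULL << (nr))
#define OMAC_MASK_BITS 64u /* assumed width of the mask being tested */

/* Hypothetical, reduced event layout: only the field the report is about. */
struct csa_notify {
	uint8_t omac_idx; /* copied straight from the received buffer */
};

/*
 * Returns true only when the buffer is long enough, the index fits the
 * mask width, and the matching bit is set. An out-of-range index is
 * rejected before any shift is evaluated.
 */
bool csa_selects_ext_phy(const uint8_t *data, size_t len, uint64_t omac_mask)
{
	struct csa_notify c;

	if (len < sizeof(c))
		return false;
	memcpy(&c, data, sizeof(c));

	if (c.omac_idx >= OMAC_MASK_BITS)
		return false;

	return (omac_mask & BIT_ULL(c.omac_idx)) != 0;
}

int main(void)
{
	/* Constructed sample events: a valid index and an out-of-range one. */
	const uint8_t in_range[] = { 3 };
	const uint8_t too_big[] = { 200 };
	const uint64_t mask = BIT_ULL(3);

	printf("idx 3:   %d\n", csa_selects_ext_phy(in_range, sizeof(in_range), mask));
	printf("idx 200: %d\n", csa_selects_ext_phy(too_big, sizeof(too_big), mask));
	return 0;
}
```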
