drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1856 mt7915_mcu_beacon_mbss() warn: potential spectre issue 'sub_elem->data' [r] (local cap)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1856 mt7915_mcu_beacon_mbss() warn: potential spectre issue 'sub_elem->data' [r] (local cap)
Date: Tue, 16 Aug 2022 15:14:12 +0800	[thread overview]
Message-ID: <202208161511.rEgEmjDF-lkp@intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 5348 bytes --]

BCC: lkp(a)intel.com
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Lorenzo Bianconi <lorenzo@kernel.org>
CC: Felix Fietkau <nbd@nbd.name>
CC: Ryder Lee <ryder.lee@mediatek.com>
CC: Money Wang <money.wang@mediatek.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   568035b01cfb107af8d2e4bd2fb9aea22cf5b868
commit: 6b7f9aff7c673989c6adf601c7e3f3684d5acd44 mt76: mt7915: introduce 802.11ax multi-bss support
date:   5 months ago
:::::: branch date: 32 hours ago
:::::: commit date: 5 months ago
config: ia64-randconfig-m031-20220814 (https://download.01.org/0day-ci/archive/20220816/202208161511.rEgEmjDF-lkp(a)intel.com/config)
compiler: ia64-linux-gcc (GCC) 12.1.0

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1856 mt7915_mcu_beacon_mbss() warn: potential spectre issue 'sub_elem->data' [r] (local cap)
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1848 mt7915_mcu_beacon_mbss() warn: potential spectre issue 'elem->data' [r] (local cap)

Old smatch warnings:
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:3540 mt7915_mcu_get_rx_rate() warn: potential spectre issue 'sband->bitrates' [r]

vim +1856 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c

e57b7901469fc0 Ryder Lee        2020-04-25  1827  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1828  static void
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1829  mt7915_mcu_beacon_mbss(struct sk_buff *rskb, struct sk_buff *skb,
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1830  		       struct ieee80211_vif *vif, struct bss_info_bcn *bcn,
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1831  		       struct ieee80211_mutable_offsets *offs)
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1832  {
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1833  	struct bss_info_bcn_mbss *mbss;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1834  	const struct element *elem;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1835  	struct tlv *tlv;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1836  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1837  	if (!vif->bss_conf.bssid_indicator)
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1838  		return;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1839  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1840  	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_MBSSID,
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1841  					   sizeof(*mbss), &bcn->sub_ntlv,
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1842  					   &bcn->len);
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1843  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1844  	mbss = (struct bss_info_bcn_mbss *)tlv;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1845  	mbss->offset[0] = cpu_to_le16(offs->tim_offset);
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1846  	mbss->bitmap = cpu_to_le32(1);
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1847  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15 @1848  	for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID,
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1849  			    &skb->data[offs->mbssid_off],
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1850  			    skb->len - offs->mbssid_off) {
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1851  		const struct element *sub_elem;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1852  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1853  		if (elem->datalen < 2)
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1854  			continue;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1855  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15 @1856  		for_each_element(sub_elem, elem->data + 1, elem->datalen - 1) {
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1857  			const u8 *data;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1858  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1859  			if (sub_elem->id || sub_elem->datalen < 4)
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1860  				continue; /* not a valid BSS profile */
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1861  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1862  			/* Find WLAN_EID_MULTI_BSSID_IDX
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1863  			 * in the merged nontransmitted profile
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1864  			 */
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1865  			data = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX,
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1866  						sub_elem->data,
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1867  						sub_elem->datalen);
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1868  			if (!data || data[1] < 1 || !data[2])
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1869  				continue;
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1870  
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1871  			mbss->offset[data[2]] = cpu_to_le16(data - skb->data);
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1872  			mbss->bitmap |= cpu_to_le32(BIT(data[2]));
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1873  		}
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1874  	}
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1875  }
6b7f9aff7c6739 Lorenzo Bianconi 2022-03-15  1876  

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

next             reply	other threads:[~2022-08-16  7:14 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-16  7:14 kernel test robot [this message]
  -- strict thread matches above, loose matches on Subject: below --
2022-12-08  4:28 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1856 mt7915_mcu_beacon_mbss() warn: potential spectre issue 'sub_elem->data' [r] (local cap) kernel test robot
2022-08-18  5:03 kernel test robot
2022-08-15  8:26 kernel test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202208161511.rEgEmjDF-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=kbuild@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.