From: coverity-bot <keescook@chromium.org>
To: Shayne Chen <shayne.chen@mediatek.com>
Cc: Lorenzo Bianconi <lorenzo@kernel.org>,
linux-wireless@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
Kalle Valo <kvalo@kernel.org>,
StanleyYP Wang <StanleyYP.Wang@mediatek.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
Peter Chiu <chui-hao.chiu@mediatek.com>,
Eric Dumazet <edumazet@google.com>,
Money Wang <Money.Wang@mediatek.com>,
linux-arm-kernel@lists.infradead.org, netdev@vger.kernel.org,
Howard Hsu <howard-yh.hsu@mediatek.com>,
linux-mediatek@lists.infradead.org, Felix Fietkau <nbd@nbd.name>,
"David S. Miller" <davem@davemloft.net>,
Evelyn Tsai <evelyn.tsai@mediatek.com>,
linux-kernel@vger.kernel.org,
MeiChia Chiu <meichia.chiu@mediatek.com>,
Paolo Abeni <pabeni@redhat.com>,
Sean Wang <sean.wang@mediatek.com>,
Bo Jiao <Bo.Jiao@mediatek.com>,
Ryder Lee <ryder.lee@mediatek.com>,
Sujuan Chen <sujuan.chen@mediatek.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Coverity: mt7996_mcu_rx_radar_detected(): Insecure data handling
Date: Fri, 2 Dec 2022 14:13:02 -0800 [thread overview]
Message-ID: <202212021413.392BADAF@keescook> (raw)
Hello!
This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20221202 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan
You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:
Thu Dec 1 17:29:14 2022 +0100
98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices")
Coverity reported the following:
*** CID 1527812: Insecure data handling (TAINTED_SCALAR)
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c:338 in mt7996_mcu_rx_radar_detected()
332 {
333 struct mt76_phy *mphy = &dev->mt76.phy;
334 struct mt7996_mcu_rdd_report *r;
335
336 r = (struct mt7996_mcu_rdd_report *)skb->data;
337
vvv CID 1527812: Insecure data handling (TAINTED_SCALAR)
vvv Using tainted variable "r->band_idx" as an index into an array "(*dev).mt76.phys".
338 mphy = dev->mt76.phys[r->band_idx];
339 if (!mphy)
340 return;
341
342 if (r->band_idx == MT_RX_SEL2)
343 cfg80211_background_radar_event(mphy->hw->wiphy,
If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1527812 ("Insecure data handling")
Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices")
Thanks for your attention!
--
Coverity-bot
WARNING: multiple messages have this Message-ID (diff)
From: coverity-bot <keescook@chromium.org>
To: Shayne Chen <shayne.chen@mediatek.com>
Cc: Lorenzo Bianconi <lorenzo@kernel.org>,
linux-wireless@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
Kalle Valo <kvalo@kernel.org>,
StanleyYP Wang <StanleyYP.Wang@mediatek.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
Peter Chiu <chui-hao.chiu@mediatek.com>,
Eric Dumazet <edumazet@google.com>,
Money Wang <Money.Wang@mediatek.com>,
linux-arm-kernel@lists.infradead.org, netdev@vger.kernel.org,
Howard Hsu <howard-yh.hsu@mediatek.com>,
linux-mediatek@lists.infradead.org, Felix Fietkau <nbd@nbd.name>,
"David S. Miller" <davem@davemloft.net>,
Evelyn Tsai <evelyn.tsai@mediatek.com>,
linux-kernel@vger.kernel.org,
MeiChia Chiu <meichia.chiu@mediatek.com>,
Paolo Abeni <pabeni@redhat.com>,
Sean Wang <sean.wang@mediatek.com>,
Bo Jiao <Bo.Jiao@mediatek.com>,
Ryder Lee <ryder.lee@mediatek.com>,
Sujuan Chen <sujuan.chen@mediatek.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Coverity: mt7996_mcu_rx_radar_detected(): Insecure data handling
Date: Fri, 2 Dec 2022 14:13:02 -0800 [thread overview]
Message-ID: <202212021413.392BADAF@keescook> (raw)
Hello!
This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20221202 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan
You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:
Thu Dec 1 17:29:14 2022 +0100
98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices")
Coverity reported the following:
*** CID 1527812: Insecure data handling (TAINTED_SCALAR)
drivers/net/wireless/mediatek/mt76/mt7996/mcu.c:338 in mt7996_mcu_rx_radar_detected()
332 {
333 struct mt76_phy *mphy = &dev->mt76.phy;
334 struct mt7996_mcu_rdd_report *r;
335
336 r = (struct mt7996_mcu_rdd_report *)skb->data;
337
vvv CID 1527812: Insecure data handling (TAINTED_SCALAR)
vvv Using tainted variable "r->band_idx" as an index into an array "(*dev).mt76.phys".
338 mphy = dev->mt76.phys[r->band_idx];
339 if (!mphy)
340 return;
341
342 if (r->band_idx == MT_RX_SEL2)
343 cfg80211_background_radar_event(mphy->hw->wiphy,
If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1527812 ("Insecure data handling")
Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices")
Thanks for your attention!
--
Coverity-bot
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2022-12-02 22:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-02 22:13 coverity-bot [this message]
2022-12-02 22:13 ` Coverity: mt7996_mcu_rx_radar_detected(): Insecure data handling coverity-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202212021413.392BADAF@keescook \
--to=keescook@chromium.org \
--cc=Bo.Jiao@mediatek.com \
--cc=Money.Wang@mediatek.com \
--cc=StanleyYP.Wang@mediatek.com \
--cc=chui-hao.chiu@mediatek.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=evelyn.tsai@mediatek.com \
--cc=gustavo@embeddedor.com \
--cc=howard-yh.hsu@mediatek.com \
--cc=kuba@kernel.org \
--cc=kvalo@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-next@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lorenzo@kernel.org \
--cc=matthias.bgg@gmail.com \
--cc=meichia.chiu@mediatek.com \
--cc=nbd@nbd.name \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=ryder.lee@mediatek.com \
--cc=sean.wang@mediatek.com \
--cc=shayne.chen@mediatek.com \
--cc=sujuan.chen@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.