[ath:ath12k-mlo-qcn9274 64/81] drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [ath:ath12k-mlo-qcn9274 64/81] drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
Date: Wed, 9 Oct 2024 06:45:01 +0800	[thread overview]
Message-ID: <202410090633.yjfmlMkr-lkp@intel.com> (raw)

BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: Jeff Johnson <jjohnson@kernel.org>
CC: Kalle Valo <kvalo@kernel.org>
CC: ath12k@lists.infradead.org
TO: Sriram R <quic_srirrama@quicinc.com>
CC: Kalle Valo <quic_kvalo@quicinc.com>
CC: Rameshkumar Sundaram <quic_ramess@quicinc.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git ath12k-mlo-qcn9274
head:   7435d14d41d5d479a5e6a8a2cd4efdac9d928823
commit: 8e3d460d4c16e52a70ebfa7e1dd0bd20bf739888 [64/81] wifi: ath12k: Use mac80211 vif's link conf instead of bss_conf
:::::: branch date: 5 hours ago
:::::: commit date: 5 days ago
config: csky-randconfig-r072-20241008 (https://download.01.org/0day-ci/archive/20241009/202410090633.yjfmlMkr-lkp@intel.com/config)
compiler: csky-linux-gcc (GCC) 14.1.0

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202410090633.yjfmlMkr-lkp@intel.com/

New smatch warnings:
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15

Old smatch warnings:
drivers/net/wireless/ath/ath12k/mac.c:1479 ath12k_mac_set_arvif_ies() warn: potential spectre issue 'nontx->data' [r] (local cap)
drivers/net/wireless/ath/ath12k/mac.c:1467 ath12k_mac_set_arvif_ies() warn: potential spectre issue 'elem->data' [r] (local cap)
drivers/net/wireless/ath/ath12k/mac.c:4589 ath12k_mac_op_set_key() error: uninitialized symbol 'ret'.
drivers/net/wireless/ath/ath12k/mac.c:5793 ath12k_conf_tx_uapsd() error: uninitialized symbol 'value'.
drivers/net/wireless/ath/ath12k/mac.c:5795 ath12k_conf_tx_uapsd() error: uninitialized symbol 'value'.
drivers/net/wireless/ath/ath12k/mac.c:10895 ath12k_mac_destroy() error: we previously assumed 'ab' could be null (see line 10884)
drivers/net/wireless/ath/ath12k/mac.c:10962 ath12k_mac_allocate() error: uninitialized symbol 'ab'.

vim +517 drivers/net/wireless/ath/ath12k/mac.c

d889913205cf7e Kalle Valo 2022-11-28  506  
8e3d460d4c16e5 Sriram R   2024-08-16  507  struct ieee80211_bss_conf *ath12k_get_link_bss_conf(struct ath12k_link_vif *arvif)
8e3d460d4c16e5 Sriram R   2024-08-16  508  {
8e3d460d4c16e5 Sriram R   2024-08-16  509  	struct ieee80211_vif *vif = arvif->ahvif->vif;
8e3d460d4c16e5 Sriram R   2024-08-16  510  	struct ieee80211_bss_conf *link_conf;
8e3d460d4c16e5 Sriram R   2024-08-16  511  	/* ieee80211_vif->link_conf[]s are rcu objects which requires rcu_read_lock()
8e3d460d4c16e5 Sriram R   2024-08-16  512  	 * to be held for safe access.
8e3d460d4c16e5 Sriram R   2024-08-16  513  	 */
8e3d460d4c16e5 Sriram R   2024-08-16  514  	if (arvif->link_id > IEEE80211_MLD_MAX_NUM_LINKS)
8e3d460d4c16e5 Sriram R   2024-08-16  515  		return NULL;
8e3d460d4c16e5 Sriram R   2024-08-16  516  	rcu_read_lock();
8e3d460d4c16e5 Sriram R   2024-08-16 @517  	link_conf = rcu_dereference(vif->link_conf[arvif->link_id]);
8e3d460d4c16e5 Sriram R   2024-08-16  518  	rcu_read_unlock();
8e3d460d4c16e5 Sriram R   2024-08-16  519  	return link_conf;
8e3d460d4c16e5 Sriram R   2024-08-16  520  }
8e3d460d4c16e5 Sriram R   2024-08-16  521  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

next             reply	other threads:[~2024-10-08 22:45 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-08 22:45 kernel test robot [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-10-09 11:14 [ath:ath12k-mlo-qcn9274 64/81] drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15 Dan Carpenter
2024-11-04 20:19 ` Kalle Valo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202410090633.yjfmlMkr-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=error27@gmail.com \
    --cc=oe-kbuild@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.