From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [ath:ath12k-mlo-qcn9274 65/81] drivers/net/wireless/ath/ath12k/mac.c:534 ath12k_get_link_sta() error: buffer overflow 'sta->link' 15 <= 15
Date: Wed, 9 Oct 2024 11:25:58 +0800 [thread overview]
Message-ID: <202410091157.eMoYClhc-lkp@intel.com> (raw)
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: Jeff Johnson <jjohnson@kernel.org>
CC: Kalle Valo <kvalo@kernel.org>
CC: ath12k@lists.infradead.org
TO: Sriram R <quic_srirrama@quicinc.com>
CC: Kalle Valo <quic_kvalo@quicinc.com>
CC: Rameshkumar Sundaram <quic_ramess@quicinc.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git ath12k-mlo-qcn9274
head: 7435d14d41d5d479a5e6a8a2cd4efdac9d928823
commit: d50d85ea8574956b273faf4cb2493a98c6548b04 [65/81] wifi: ath12k: Use mac80211 sta's link_sta instead of deflink
:::::: branch date: 10 hours ago
:::::: commit date: 5 days ago
config: csky-randconfig-r072-20241008 (https://download.01.org/0day-ci/archive/20241009/202410091157.eMoYClhc-lkp@intel.com/config)
compiler: csky-linux-gcc (GCC) 14.1.0
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202410091157.eMoYClhc-lkp@intel.com/
New smatch warnings:
drivers/net/wireless/ath/ath12k/mac.c:534 ath12k_get_link_sta() error: buffer overflow 'sta->link' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:534 ath12k_get_link_sta() error: buffer overflow 'sta->link' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:534 ath12k_get_link_sta() error: buffer overflow 'sta->link' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:534 ath12k_get_link_sta() error: buffer overflow 'sta->link' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:534 ath12k_get_link_sta() error: buffer overflow 'sta->link' 15 <= 15
Old smatch warnings:
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:517 ath12k_get_link_bss_conf() error: buffer overflow 'vif->link_conf' 15 <= 15
drivers/net/wireless/ath/ath12k/mac.c:1496 ath12k_mac_set_arvif_ies() warn: potential spectre issue 'nontx->data' [r] (local cap)
drivers/net/wireless/ath/ath12k/mac.c:1484 ath12k_mac_set_arvif_ies() warn: potential spectre issue 'elem->data' [r] (local cap)
drivers/net/wireless/ath/ath12k/mac.c:4675 ath12k_mac_op_set_key() error: uninitialized symbol 'ret'.
drivers/net/wireless/ath/ath12k/mac.c:5892 ath12k_conf_tx_uapsd() error: uninitialized symbol 'value'.
drivers/net/wireless/ath/ath12k/mac.c:5894 ath12k_conf_tx_uapsd() error: uninitialized symbol 'value'.
drivers/net/wireless/ath/ath12k/mac.c:11000 ath12k_mac_destroy() error: we previously assumed 'ab' could be null (see line 10989)
drivers/net/wireless/ath/ath12k/mac.c:11067 ath12k_mac_allocate() error: uninitialized symbol 'ab'.
vim +534 drivers/net/wireless/ath/ath12k/mac.c
8e3d460d4c16e5 Sriram R 2024-08-16 521
d50d85ea857495 Sriram R 2024-08-16 522 static struct
d50d85ea857495 Sriram R 2024-08-16 523 ieee80211_link_sta *ath12k_get_link_sta(struct ath12k_link_sta *arsta)
d50d85ea857495 Sriram R 2024-08-16 524 {
d50d85ea857495 Sriram R 2024-08-16 525 struct ath12k_sta *ahsta = arsta->ahsta;
d50d85ea857495 Sriram R 2024-08-16 526 struct ieee80211_sta *sta = ath12k_ahsta_to_sta(ahsta);
d50d85ea857495 Sriram R 2024-08-16 527 struct ieee80211_link_sta *link_sta;
d50d85ea857495 Sriram R 2024-08-16 528 /* ieee80211_sta->link[]'s are rcu objects which requires rcu_read_lock()
d50d85ea857495 Sriram R 2024-08-16 529 * to be held for safe access.
d50d85ea857495 Sriram R 2024-08-16 530 */
d50d85ea857495 Sriram R 2024-08-16 531 if (arsta->link_id > IEEE80211_MLD_MAX_NUM_LINKS)
d50d85ea857495 Sriram R 2024-08-16 532 return NULL;
d50d85ea857495 Sriram R 2024-08-16 533 rcu_read_lock();
d50d85ea857495 Sriram R 2024-08-16 @534 link_sta = rcu_dereference(sta->link[arsta->link_id]);
d50d85ea857495 Sriram R 2024-08-16 535 rcu_read_unlock();
d50d85ea857495 Sriram R 2024-08-16 536 return link_sta;
d50d85ea857495 Sriram R 2024-08-16 537 }
d50d85ea857495 Sriram R 2024-08-16 538
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2024-10-09 3:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-09 3:25 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-10-09 11:16 [ath:ath12k-mlo-qcn9274 65/81] drivers/net/wireless/ath/ath12k/mac.c:534 ath12k_get_link_sta() error: buffer overflow 'sta->link' 15 <= 15 Dan Carpenter
2024-11-04 20:21 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202410091157.eMoYClhc-lkp@intel.com \
--to=lkp@intel.com \
--cc=error27@gmail.com \
--cc=oe-kbuild@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.