Linux wireless drivers development
* [bug report] mt76: mt7915: introduce 802.11ax multi-bss support
@ 2022-03-19  9:05 Dan Carpenter
  2022-03-19 11:21 ` Lorenzo Bianconi
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2022-03-19  9:05 UTC (permalink / raw)
  To: lorenzo; +Cc: linux-wireless

Hello Lorenzo Bianconi,

The patch 6b7f9aff7c67: "mt76: mt7915: introduce 802.11ax multi-bss
support" from Mar 15, 2022, leads to the following Smatch static
checker warning:

	drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1872 mt7915_mcu_beacon_mbss()
	error: undefined (user controlled) shift '(((1))) << (data[2])'

drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
    1828 static void
    1829 mt7915_mcu_beacon_mbss(struct sk_buff *rskb, struct sk_buff *skb,
    1830                        struct ieee80211_vif *vif, struct bss_info_bcn *bcn,
    1831                        struct ieee80211_mutable_offsets *offs)
    1832 {
    1833         struct bss_info_bcn_mbss *mbss;
    1834         const struct element *elem;
    1835         struct tlv *tlv;
    1836 
    1837         if (!vif->bss_conf.bssid_indicator)
    1838                 return;
    1839 
    1840         tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_MBSSID,
    1841                                            sizeof(*mbss), &bcn->sub_ntlv,
    1842                                            &bcn->len);
    1843 
    1844         mbss = (struct bss_info_bcn_mbss *)tlv;
    1845         mbss->offset[0] = cpu_to_le16(offs->tim_offset);
    1846         mbss->bitmap = cpu_to_le32(1);
    1847 
    1848         for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID,
    1849                             &skb->data[offs->mbssid_off],
    1850                             skb->len - offs->mbssid_off) {
    1851                 const struct element *sub_elem;
    1852 
    1853                 if (elem->datalen < 2)
    1854                         continue;
    1855 
    1856                 for_each_element(sub_elem, elem->data + 1, elem->datalen - 1) {
    1857                         const u8 *data;
    1858 
    1859                         if (sub_elem->id || sub_elem->datalen < 4)
    1860                                 continue; /* not a valid BSS profile */
    1861 
    1862                         /* Find WLAN_EID_MULTI_BSSID_IDX
    1863                          * in the merged nontransmitted profile
    1864                          */
    1865                         data = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX,
    1866                                                 sub_elem->data,
    1867                                                 sub_elem->datalen);
    1868                         if (!data || data[1] < 1 || !data[2])

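This probably needs a "|| data[2] > 31" but maybe using a define?
data[2] is a u8 read from the WLAN_EID_MULTI_BSSID_IDX element found in
skb, and it is used both as the index into mbss->offset[] on line 1871
and as the shift count on line 1872, so the limit has to fit the offset[]
array (its size is not shown here) as well as the 32-bit bitmap.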

    1869                                 continue;
    1870 
    1871                         mbss->offset[data[2]] = cpu_to_le16(data - skb->data);
--> 1872                         mbss->bitmap |= cpu_to_le32(BIT(data[2]));
    1873                 }
    1874         }
    1875 }

regards,
dan carpenter


* Re: [bug report] mt76: mt7915: introduce 802.11ax multi-bss support
  2022-03-19  9:05 [bug report] mt76: mt7915: introduce 802.11ax multi-bss support Dan Carpenter
@ 2022-03-19 11:21 ` Lorenzo Bianconi
  0 siblings, 0 replies; 2+ messages in thread
From: Lorenzo Bianconi @ 2022-03-19 11:21 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-wireless


> Hello Lorenzo Bianconi,
> 
> The patch 6b7f9aff7c67: "mt76: mt7915: introduce 802.11ax multi-bss
> support" from Mar 15, 2022, leads to the following Smatch static
> checker warning:
> 
> 	drivers/net/wireless/mediatek/mt76/mt7915/mcu.c:1872 mt7915_mcu_beacon_mbss()
> 	error: undefined (user controlled) shift '(((1))) << (data[2])'

I do not think it is a real issue since bssid_index is supposed to be limited
by mbssid_max_interfaces (set to 16 for 7915), but I will add a check. Thanks.

Regards,
Lorenzo

> 
> drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
>     1828 static void
>     1829 mt7915_mcu_beacon_mbss(struct sk_buff *rskb, struct sk_buff *skb,
>     1830                        struct ieee80211_vif *vif, struct bss_info_bcn *bcn,
>     1831                        struct ieee80211_mutable_offsets *offs)
>     1832 {
>     1833         struct bss_info_bcn_mbss *mbss;
>     1834         const struct element *elem;
>     1835         struct tlv *tlv;
>     1836 
>     1837         if (!vif->bss_conf.bssid_indicator)
>     1838                 return;
>     1839 
>     1840         tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_MBSSID,
>     1841                                            sizeof(*mbss), &bcn->sub_ntlv,
>     1842                                            &bcn->len);
>     1843 
>     1844         mbss = (struct bss_info_bcn_mbss *)tlv;
>     1845         mbss->offset[0] = cpu_to_le16(offs->tim_offset);
>     1846         mbss->bitmap = cpu_to_le32(1);
>     1847 
>     1848         for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID,
>     1849                             &skb->data[offs->mbssid_off],
>     1850                             skb->len - offs->mbssid_off) {
>     1851                 const struct element *sub_elem;
>     1852 
>     1853                 if (elem->datalen < 2)
>     1854                         continue;
>     1855 
>     1856                 for_each_element(sub_elem, elem->data + 1, elem->datalen - 1) {
>     1857                         const u8 *data;
>     1858 
>     1859                         if (sub_elem->id || sub_elem->datalen < 4)
>     1860                                 continue; /* not a valid BSS profile */
>     1861 
>     1862                         /* Find WLAN_EID_MULTI_BSSID_IDX
>     1863                          * in the merged nontransmitted profile
>     1864                          */
>     1865                         data = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX,
>     1866                                                 sub_elem->data,
>     1867                                                 sub_elem->datalen);
>     1868                         if (!data || data[1] < 1 || !data[2])
> 
> This probably needs a "|| data[2] > 31" but maybe using a define?
> 
>     1869                                 continue;
>     1870 
>     1871                         mbss->offset[data[2]] = cpu_to_le16(data - skb->data);
> --> 1872                         mbss->bitmap |= cpu_to_le32(BIT(data[2]));
>     1873                 }
>     1874         }
>     1875 }
> 
> regards,
> dan carpenter
