[bug report] wifi: mt76: move mt76_rate_power from core to mt76x02 driver code

Linux wireless drivers development
 help / color / mirror / Atom feed

From: Dan Carpenter <error27@gmail.com>
To: nbd@nbd.name
Cc: linux-wireless@vger.kernel.org
Subject: [bug report] wifi: mt76: move mt76_rate_power from core to mt76x02 driver code
Date: Sat, 3 Dec 2022 15:09:38 +0300	[thread overview]
Message-ID: <Y4s8gszsMUvPfIV9@kili> (raw)

Hello Felix Fietkau,

The patch b376d96362d8: "wifi: mt76: move mt76_rate_power from core
to mt76x02 driver code" from Sep 28, 2022, leads to the following
Smatch static checker warning:

	drivers/net/wireless/mediatek/mt76/mt76x0/phy.c:645 mt76x0_phy_get_target_power()
	error: buffer overflow 'dev->rate_power.vht' 2 <= 9

drivers/net/wireless/mediatek/mt76/mt76x0/phy.c
    635                 *target_power = cur_power + dev->rate_power.ofdm[index];
    636                 *target_pa_power = mt76x0_phy_get_rf_pa_mode(dev, 0, index + 4);
    637                 break;
    638         }
    639         case 4:
    640                 /* vht rates */
    641                 tx_rate = info[1] & 0xf;
    642                 if (tx_rate > 9)
                            ^^^^^^^^^^^

    643                         return -EINVAL;
    644 
--> 645                 *target_power = cur_power + dev->rate_power.vht[tx_rate];

In the original code this was a 10 element array but now it's only 2
elements.

    646                 *target_pa_power = mt76x0_phy_get_rf_pa_mode(dev, 1, tx_rate);
    647                 break;
    648         default:
    649                 /* ht rates */
    650                 tx_rate = info[1] & 0x7f;
    651                 if (tx_rate > 9)
    652                         return -EINVAL;
    653 
    654                 *target_power = cur_power + dev->rate_power.ht[tx_rate];
    655                 *target_pa_power = mt76x0_phy_get_rf_pa_mode(dev, 1, tx_rate);
    656                 break;
    657         }
    658 
    659         return 0;
    660 }

regards,
dan carpenter

                 reply	other threads:[~2022-12-03 12:09 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y4s8gszsMUvPfIV9@kili \
    --to=error27@gmail.com \
    --cc=linux-wireless@vger.kernel.org \
    --cc=nbd@nbd.name \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox