| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 10:59:10 +0800
From: kernel test robot <lkp@...el.com>
To: Miles Hu <milehu@...eaurora.org>
Cc: kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
Kalle Valo <kvalo@...eaurora.org>,
Aloka Dixit <alokad@...eaurora.org>,
Lavanya Suresh <lavaks@...eaurora.org>,
Pradeep Chitrapu <pradeepc@...eaurora.org>,
Venkateswara Naralasetty <vnaralas@...eaurora.org>,
Jouni Malinen <jouni@...eaurora.org>
Subject: drivers/net/wireless/ath/ath11k/mac.c:1889:29: warning:
'ath11k_peer_assoc_h_he_limit' reading 16 bytes from a region of size 0
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: f2906aa863381afb0015a9eb7fefad885d4e5a56
commit: 61fe43e7216df6e9a912d831aafc7142fa20f280 ath11k: add support for setting fixed HE rate/gi/ltf
date: 8 months ago
config: arm64-sof-customedconfig-memory-debug-defconfig (https://download.01.org/0day-ci/archive/20220607/202206071043.lpcglnsK-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61fe43e7216df6e9a912d831aafc7142fa20f280
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 61fe43e7216df6e9a912d831aafc7142fa20f280
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.3.0 make.cross W=1 O=build_dir ARCH=arm64 SHELL=/bin/bash drivers/net/wireless/ath/ath11k/
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>
All warnings (new ones prefixed by >>):
In function 'ath11k_peer_assoc_h_he',
inlined from 'ath11k_peer_assoc_prepare' at drivers/net/wireless/ath/ath11k/mac.c:2232:2:
>> drivers/net/wireless/ath/ath11k/mac.c:1889:29: warning: 'ath11k_peer_assoc_h_he_limit' reading 16 bytes from a region of size 0 [-Wstringop-overread]
1889 | v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath11k/mac.c: In function 'ath11k_peer_assoc_prepare':
drivers/net/wireless/ath/ath11k/mac.c:1889:29: note: referencing argument 2 of type 'const u16 *' {aka 'const short unsigned int *'}
drivers/net/wireless/ath/ath11k/mac.c:1706:12: note: in a call to function 'ath11k_peer_assoc_h_he_limit'
1706 | static u16 ath11k_peer_assoc_h_he_limit(u16 tx_mcs_set,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'ath11k_peer_assoc_h_he',
inlined from 'ath11k_peer_assoc_prepare' at drivers/net/wireless/ath/ath11k/mac.c:2232:2:
drivers/net/wireless/ath/ath11k/mac.c:1902:21: warning: 'ath11k_peer_assoc_h_he_limit' reading 16 bytes from a region of size 0 [-Wstringop-overread]
1902 | v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath11k/mac.c: In function 'ath11k_peer_assoc_prepare':
drivers/net/wireless/ath/ath11k/mac.c:1902:21: note: referencing argument 2 of type 'const u16 *' {aka 'const short unsigned int *'}
drivers/net/wireless/ath/ath11k/mac.c:1706:12: note: in a call to function 'ath11k_peer_assoc_h_he_limit'
1706 | static u16 ath11k_peer_assoc_h_he_limit(u16 tx_mcs_set,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'ath11k_peer_assoc_h_he',
inlined from 'ath11k_peer_assoc_prepare' at drivers/net/wireless/ath/ath11k/mac.c:2232:2:
drivers/net/wireless/ath/ath11k/mac.c:1915:21: warning: 'ath11k_peer_assoc_h_he_limit' reading 16 bytes from a region of size 0 [-Wstringop-overread]
1915 | v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath11k/mac.c: In function 'ath11k_peer_assoc_prepare':
drivers/net/wireless/ath/ath11k/mac.c:1915:21: note: referencing argument 2 of type 'const u16 *' {aka 'const short unsigned int *'}
drivers/net/wireless/ath/ath11k/mac.c:1706:12: note: in a call to function 'ath11k_peer_assoc_h_he_limit'
1706 | static u16 ath11k_peer_assoc_h_he_limit(u16 tx_mcs_set,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'ath11k_peer_assoc_h_he',
inlined from 'ath11k_peer_assoc_prepare' at drivers/net/wireless/ath/ath11k/mac.c:2232:2:
drivers/net/wireless/ath/ath11k/mac.c:1915:21: warning: 'ath11k_peer_assoc_h_he_limit' reading 16 bytes from a region of size 0 [-Wstringop-overread]
1915 | v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath11k/mac.c: In function 'ath11k_peer_assoc_prepare':
drivers/net/wireless/ath/ath11k/mac.c:1915:21: note: referencing argument 2 of type 'const u16 *' {aka 'const short unsigned int *'}
drivers/net/wireless/ath/ath11k/mac.c:1706:12: note: in a call to function 'ath11k_peer_assoc_h_he_limit'
1706 | static u16 ath11k_peer_assoc_h_he_limit(u16 tx_mcs_set,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'ath11k_peer_assoc_h_he',
inlined from 'ath11k_peer_assoc_prepare' at drivers/net/wireless/ath/ath11k/mac.c:2232:2:
drivers/net/wireless/ath/ath11k/mac.c:1915:21: warning: 'ath11k_peer_assoc_h_he_limit' reading 16 bytes from a region of size 0 [-Wstringop-overread]
1915 | v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath11k/mac.c: In function 'ath11k_peer_assoc_prepare':
drivers/net/wireless/ath/ath11k/mac.c:1915:21: note: referencing argument 2 of type 'const u16 *' {aka 'const short unsigned int *'}
drivers/net/wireless/ath/ath11k/mac.c:1706:12: note: in a call to function 'ath11k_peer_assoc_h_he_limit'
1706 | static u16 ath11k_peer_assoc_h_he_limit(u16 tx_mcs_set,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'ath11k_peer_assoc_h_he',
inlined from 'ath11k_peer_assoc_prepare' at drivers/net/wireless/ath/ath11k/mac.c:2232:2:
drivers/net/wireless/ath/ath11k/mac.c:1902:21: warning: 'ath11k_peer_assoc_h_he_limit' reading 16 bytes from a region of size 0 [-Wstringop-overread]
1902 | v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/ath/ath11k/mac.c: In function 'ath11k_peer_assoc_prepare':
drivers/net/wireless/ath/ath11k/mac.c:1902:21: note: referencing argument 2 of type 'const u16 *' {aka 'const short unsigned int *'}
drivers/net/wireless/ath/ath11k/mac.c:1706:12: note: in a call to function 'ath11k_peer_assoc_h_he_limit'
1706 | static u16 ath11k_peer_assoc_h_he_limit(u16 tx_mcs_set,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +/ath11k_peer_assoc_h_he_limit +1889 drivers/net/wireless/ath/ath11k/mac.c
1761
1762 static void ath11k_peer_assoc_h_he(struct ath11k *ar,
1763 struct ieee80211_vif *vif,
1764 struct ieee80211_sta *sta,
1765 struct peer_assoc_params *arg)
1766 {
1767 struct ath11k_vif *arvif = (void *)vif->drv_priv;
1768 struct cfg80211_chan_def def;
1769 const struct ieee80211_sta_he_cap *he_cap = &sta->he_cap;
1770 u8 ampdu_factor;
1771 enum nl80211_band band;
1772 u16 *he_mcs_mask;
1773 u8 max_nss, he_mcs;
1774 u16 he_tx_mcs = 0, v = 0;
1775 int i, he_nss, nss_idx;
1776 bool user_rate_valid = true;
1777
1778 if (WARN_ON(ath11k_mac_vif_chan(vif, &def)))
1779 return;
1780
1781 if (!he_cap->has_he)
1782 return;
1783
1784 band = def.chan->band;
1785 he_mcs_mask = arvif->bitrate_mask.control[band].he_mcs;
1786
1787 if (ath11k_peer_assoc_h_he_masked(he_mcs_mask))
1788 return;
1789
1790 arg->he_flag = true;
1791
1792 memcpy_and_pad(&arg->peer_he_cap_macinfo,
1793 sizeof(arg->peer_he_cap_macinfo),
1794 he_cap->he_cap_elem.mac_cap_info,
1795 sizeof(he_cap->he_cap_elem.mac_cap_info),
1796 0);
1797 memcpy_and_pad(&arg->peer_he_cap_phyinfo,
1798 sizeof(arg->peer_he_cap_phyinfo),
1799 he_cap->he_cap_elem.phy_cap_info,
1800 sizeof(he_cap->he_cap_elem.phy_cap_info),
1801 0);
1802 arg->peer_he_ops = vif->bss_conf.he_oper.params;
1803
1804 /* the top most byte is used to indicate BSS color info */
1805 arg->peer_he_ops &= 0xffffff;
1806
1807 /* As per section 26.6.1 11ax Draft5.0, if the Max AMPDU Exponent Extension
1808 * in HE cap is zero, use the arg->peer_max_mpdu as calculated while parsing
1809 * VHT caps(if VHT caps is present) or HT caps (if VHT caps is not present).
1810 *
1811 * For non-zero value of Max AMPDU Extponent Extension in HE MAC caps,
1812 * if a HE STA sends VHT cap and HE cap IE in assoc request then, use
1813 * MAX_AMPDU_LEN_FACTOR as 20 to calculate max_ampdu length.
1814 * If a HE STA that does not send VHT cap, but HE and HT cap in assoc
1815 * request, then use MAX_AMPDU_LEN_FACTOR as 16 to calculate max_ampdu
1816 * length.
1817 */
1818 ampdu_factor = u8_get_bits(he_cap->he_cap_elem.mac_cap_info[3],
1819 IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_MASK);
1820
1821 if (ampdu_factor) {
1822 if (sta->vht_cap.vht_supported)
1823 arg->peer_max_mpdu = (1 << (IEEE80211_HE_VHT_MAX_AMPDU_FACTOR +
1824 ampdu_factor)) - 1;
1825 else if (sta->ht_cap.ht_supported)
1826 arg->peer_max_mpdu = (1 << (IEEE80211_HE_HT_MAX_AMPDU_FACTOR +
1827 ampdu_factor)) - 1;
1828 }
1829
1830 if (he_cap->he_cap_elem.phy_cap_info[6] &
1831 IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT) {
1832 int bit = 7;
1833 int nss, ru;
1834
1835 arg->peer_ppet.numss_m1 = he_cap->ppe_thres[0] &
1836 IEEE80211_PPE_THRES_NSS_MASK;
1837 arg->peer_ppet.ru_bit_mask =
1838 (he_cap->ppe_thres[0] &
1839 IEEE80211_PPE_THRES_RU_INDEX_BITMASK_MASK) >>
1840 IEEE80211_PPE_THRES_RU_INDEX_BITMASK_POS;
1841
1842 for (nss = 0; nss <= arg->peer_ppet.numss_m1; nss++) {
1843 for (ru = 0; ru < 4; ru++) {
1844 u32 val = 0;
1845 int i;
1846
1847 if ((arg->peer_ppet.ru_bit_mask & BIT(ru)) == 0)
1848 continue;
1849 for (i = 0; i < 6; i++) {
1850 val >>= 1;
1851 val |= ((he_cap->ppe_thres[bit / 8] >>
1852 (bit % 8)) & 0x1) << 5;
1853 bit++;
1854 }
1855 arg->peer_ppet.ppet16_ppet8_ru3_ru0[nss] |=
1856 val << (ru * 6);
1857 }
1858 }
1859 }
1860
1861 if (he_cap->he_cap_elem.mac_cap_info[0] & IEEE80211_HE_MAC_CAP0_TWT_RES)
1862 arg->twt_responder = true;
1863 if (he_cap->he_cap_elem.mac_cap_info[0] & IEEE80211_HE_MAC_CAP0_TWT_REQ)
1864 arg->twt_requester = true;
1865
1866 he_nss = ath11k_mac_max_he_nss(he_mcs_mask);
1867
1868 if (he_nss > sta->rx_nss) {
1869 user_rate_valid = false;
1870 for (nss_idx = sta->rx_nss - 1; nss_idx >= 0; nss_idx--) {
1871 if (he_mcs_mask[nss_idx]) {
1872 user_rate_valid = true;
1873 break;
1874 }
1875 }
1876 }
1877
1878 if (!user_rate_valid) {
1879 ath11k_dbg(ar->ab, ATH11K_DBG_MAC, "mac setting he range mcs value to peer supported nss %d for peer %pM\n",
1880 sta->rx_nss, sta->addr);
1881 he_mcs_mask[sta->rx_nss - 1] = he_mcs_mask[he_nss - 1];
1882 }
1883
1884 switch (sta->bandwidth) {
1885 case IEEE80211_STA_RX_BW_160:
1886 if (he_cap->he_cap_elem.phy_cap_info[0] &
1887 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G) {
1888 v = le16_to_cpu(he_cap->he_mcs_nss_supp.rx_mcs_80p80);
> 1889 v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
1890 arg->peer_he_rx_mcs_set[WMI_HECAP_TXRX_MCS_NSS_IDX_80_80] = v;
1891
1892 v = le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80p80);
1893 arg->peer_he_tx_mcs_set[WMI_HECAP_TXRX_MCS_NSS_IDX_80_80] = v;
1894
1895 arg->peer_he_mcs_count++;
1896 he_tx_mcs = v;
1897 }
1898 v = le16_to_cpu(he_cap->he_mcs_nss_supp.rx_mcs_160);
1899 arg->peer_he_rx_mcs_set[WMI_HECAP_TXRX_MCS_NSS_IDX_160] = v;
1900
1901 v = le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_160);
1902 v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
1903 arg->peer_he_tx_mcs_set[WMI_HECAP_TXRX_MCS_NSS_IDX_160] = v;
1904
1905 arg->peer_he_mcs_count++;
1906 if (!he_tx_mcs)
1907 he_tx_mcs = v;
1908 fallthrough;
1909
1910 default:
1911 v = le16_to_cpu(he_cap->he_mcs_nss_supp.rx_mcs_80);
1912 arg->peer_he_rx_mcs_set[WMI_HECAP_TXRX_MCS_NSS_IDX_80] = v;
1913
1914 v = le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
1915 v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
1916 arg->peer_he_tx_mcs_set[WMI_HECAP_TXRX_MCS_NSS_IDX_80] = v;
1917
1918 arg->peer_he_mcs_count++;
1919 if (!he_tx_mcs)
1920 he_tx_mcs = v;
1921 break;
1922 }
1923
1924 /* Calculate peer NSS capability from HE capabilities if STA
1925 * supports HE.
1926 */
1927 for (i = 0, max_nss = 0, he_mcs = 0; i < NL80211_HE_NSS_MAX; i++) {
1928 he_mcs = he_tx_mcs >> (2 * i) & 3;
1929
1930 /* In case of fixed rates, MCS Range in he_tx_mcs might have
1931 * unsupported range, with he_mcs_mask set, so check either of them
1932 * to find nss.
1933 */
1934 if (he_mcs != IEEE80211_HE_MCS_NOT_SUPPORTED ||
1935 he_mcs_mask[i])
1936 max_nss = i + 1;
1937 }
1938 arg->peer_nss = min(sta->rx_nss, max_nss);
1939
1940 ath11k_dbg(ar->ab, ATH11K_DBG_MAC,
1941 "mac he peer %pM nss %d mcs cnt %d\n",
1942 sta->addr, arg->peer_nss, arg->peer_he_mcs_count);
1943 }
1944
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Powered by blists - more mailing lists