Commit Message
Greg KH
Oct. 19, 2022, 8:32 a.m. UTC
From: Zong-Zhe Yang <kevin_yang@realtek.com> [ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ] reported by smatch phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]' 8 <= 8 (assuming for loop doesn't break) However, it seems to be a false alarm because we prevent it originally via if (linear >= db_invert_table[11][7]) return 96; /* maximum 96 dB */ Still, we adjust the code to be more readable and avoid smatch warning. Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20220727065003.28340-5-pkshih@realtek.com Signed-off-by: Sasha Levin <sashal@kernel.org> --- drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-)
Comments
> -----Original Message----- > From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Sent: Wednesday, October 19, 2022 4:33 PM > To: linux-kernel@vger.kernel.org > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>; stable@vger.kernel.org; Kevin Yang > <kevin_yang@realtek.com>; Ping-Ke Shih <pkshih@realtek.com>; Kalle Valo <kvalo@kernel.org>; Sasha Levin > <sashal@kernel.org> > Subject: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow > > From: Zong-Zhe Yang <kevin_yang@realtek.com> > > [ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ] > > reported by smatch > > phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]' > 8 <= 8 (assuming for loop doesn't break) > > However, it seems to be a false alarm because we prevent it originally via > if (linear >= db_invert_table[11][7]) > return 96; /* maximum 96 dB */ > > Still, we adjust the code to be more readable and avoid smatch warning. Like Pavel mentioned [1], this patch is to avoid smatch warning, not a really bug. So, shouldn't take this patch. [1] https://lore.kernel.org/linux-wireless/20221018093921.GD1264@duo.ucw.cz/ > > Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com> > Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> > Signed-off-by: Kalle Valo <kvalo@kernel.org> > Link: https://lore.kernel.org/r/20220727065003.28340-5-pkshih@realtek.com > Signed-off-by: Sasha Levin <sashal@kernel.org> > --- > drivers/net/wireless/realtek/rtw88/phy.c | 21 ++++++++------------- > 1 file changed, 8 insertions(+), 13 deletions(-) > > diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c > index 8982e0c98dac..da1efec0aa85 100644 > --- a/drivers/net/wireless/realtek/rtw88/phy.c > +++ b/drivers/net/wireless/realtek/rtw88/phy.c > @@ -816,23 +816,18 @@ static u8 rtw_phy_linear_2_db(u64 linear) > u8 j; > u32 dB; > > - if (linear >= db_invert_table[11][7]) > - return 96; /* maximum 96 dB */ > - > for (i = 0; i < 12; i++) { > - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7]) > - break; > - else if (i > 2 && linear <= db_invert_table[i][7]) > - break; > + for (j = 0; j < 8; j++) { > + if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j]) > + goto cnt; > + else if (i > 2 && linear <= db_invert_table[i][j]) > + goto cnt; > + } > } > > - for (j = 0; j < 8; j++) { > - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j]) > - break; > - else if (i > 2 && linear <= db_invert_table[i][j]) > - break; > - } > + return 96; /* maximum 96 dB */ > > +cnt: > if (j == 0 && i == 0) > goto end; > > -- > 2.35.1 > > > > > ------Please consider the environment before printing this e-mail.
On Fri, Oct 21, 2022 at 12:12:29AM +0000, Ping-Ke Shih wrote: > > > > -----Original Message----- > > From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > Sent: Wednesday, October 19, 2022 4:33 PM > > To: linux-kernel@vger.kernel.org > > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>; stable@vger.kernel.org; Kevin Yang > > <kevin_yang@realtek.com>; Ping-Ke Shih <pkshih@realtek.com>; Kalle Valo <kvalo@kernel.org>; Sasha Levin > > <sashal@kernel.org> > > Subject: [PATCH 6.0 681/862] wifi: rtw88: phy: fix warning of possible buffer overflow > > > > From: Zong-Zhe Yang <kevin_yang@realtek.com> > > > > [ Upstream commit 86331c7e0cd819bf0c1d0dcf895e0c90b0aa9a6f ] > > > > reported by smatch > > > > phy.c:854 rtw_phy_linear_2_db() error: buffer overflow 'db_invert_table[i]' > > 8 <= 8 (assuming for loop doesn't break) > > > > However, it seems to be a false alarm because we prevent it originally via > > if (linear >= db_invert_table[11][7]) > > return 96; /* maximum 96 dB */ > > > > Still, we adjust the code to be more readable and avoid smatch warning. > > Like Pavel mentioned [1], this patch is to avoid smatch warning, not a really > bug. So, shouldn't take this patch. > > [1] https://lore.kernel.org/linux-wireless/20221018093921.GD1264@duo.ucw.cz/ Ok, will go drop now, thanks. greg k-h
diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c index 8982e0c98dac..da1efec0aa85 100644 --- a/drivers/net/wireless/realtek/rtw88/phy.c +++ b/drivers/net/wireless/realtek/rtw88/phy.c @@ -816,23 +816,18 @@ static u8 rtw_phy_linear_2_db(u64 linear) u8 j; u32 dB; - if (linear >= db_invert_table[11][7]) - return 96; /* maximum 96 dB */ - for (i = 0; i < 12; i++) { - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][7]) - break; - else if (i > 2 && linear <= db_invert_table[i][7]) - break; + for (j = 0; j < 8; j++) { + if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j]) + goto cnt; + else if (i > 2 && linear <= db_invert_table[i][j]) + goto cnt; + } } - for (j = 0; j < 8; j++) { - if (i <= 2 && (linear << FRAC_BITS) <= db_invert_table[i][j]) - break; - else if (i > 2 && linear <= db_invert_table[i][j]) - break; - } + return 96; /* maximum 96 dB */ +cnt: if (j == 0 && i == 0) goto end;