From patchwork Wed Dec  7 16:03:10 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Deren Wu <Deren.Wu@mediatek.com>
X-Patchwork-Id: 632193
Return-Path: <linux-wireless-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by smtp.lore.kernel.org (Postfix) with ESMTP id D1F83C4708E
 for <linux-wireless@archiver.kernel.org>;
 Wed,  7 Dec 2022 16:03:35 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S229671AbiLGQDe (ORCPT
 <rfc822;linux-wireless@archiver.kernel.org>);
 Wed, 7 Dec 2022 11:03:34 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34612 "EHLO
 lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S229626AbiLGQDd (ORCPT
 <rfc822;linux-wireless@vger.kernel.org>);
 Wed, 7 Dec 2022 11:03:33 -0500
Received: from mailgw01.mediatek.com (unknown [60.244.123.138])
 by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD8AD27CF2
 for <linux-wireless@vger.kernel.org>;
 Wed,  7 Dec 2022 08:03:25 -0800 (PST)
X-UUID: d742b6c6e8e94b57b3fbcb9f424d7bc2-20221208
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=mediatek.com; s=dk;
 h=Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From;
 bh=2gZxVDRSgNhczwL0jmLPqk9fVEXg0i7s4V4i2FAUxYc=;
 b=s/j/6uUxGm8Kjuo2PKhPSS4oYMJqGqOvEPZ5mwsrRliBKnoykcqlhvXR4Kkbz3a8zh4oNSDtT0FSF3re0Zi3oXCr/8vJ6FlrFgSw3BZoTElAOj+4lrkRS3XN81k06n/9USJu2PBB6rYFKClHzwM0GTh8O5kTKT3nLpujxpfE0yI=;
X-CID-P-RULE: Release_Ham
X-CID-O-INFO: VERSION:1.1.14, REQID:7fa63f1b-f263-46a9-850d-e583281da19d, IP:0,
 U
 RL:0,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION:
 release,TS:0
X-CID-META: VersionHash:dcaaed0, CLOUDID:2f739924-4387-4253-a41d-4f6f2296b154,
 B
 ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:0,EDM:-3,IP:nil,U
 RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0
X-UUID: d742b6c6e8e94b57b3fbcb9f424d7bc2-20221208
Received: from mtkexhb01.mediatek.inc [(172.21.101.102)] by
 mailgw01.mediatek.com (envelope-from <deren.wu@mediatek.com>)
 (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256)
 with ESMTP id 1115580094; Thu, 08 Dec 2022 00:03:18 +0800
Received: from mtkmbs13n2.mediatek.inc (172.21.101.108) by
 mtkmbs10n1.mediatek.inc (172.21.101.34) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.792.15; Thu, 8 Dec 2022 00:03:17 +0800
Received: from mtksdccf07.mediatek.inc (172.21.84.99) by
 mtkmbs13n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id
 15.2.792.15 via Frontend Transport; Thu, 8 Dec 2022 00:03:17 +0800
From: Deren Wu <deren.wu@mediatek.com>
To: Felix Fietkau <nbd@nbd.name>, Lorenzo Bianconi <lorenzo@kernel.org>
CC: Sean Wang <sean.wang@mediatek.com>, Soul Huang <Soul.Huang@mediatek.com>,
 YN Chen <YN.Chen@mediatek.com>, Leon Yen <Leon.Yen@mediatek.com>,
 "Eric-SY Chang" <Eric-SY.Chang@mediatek.com>,
 Deren Wu <Deren.Wu@mediatek.com>, KM Lin <km.lin@mediatek.com>,
 Robin Chiu <robin.chiu@mediatek.com>,
 CH Yeh <ch.yeh@mediatek.com>, Posh Sun <posh.sun@mediatek.com>,
 Stella Chang <Stella.Chang@mediatek.com>,
 Evelyn Tsai <evelyn.tsai@mediatek.com>,
 "Ryder Lee" <ryder.lee@mediatek.com>,
 Shayne Chen <shayne.chen@mediatek.com>,
 linux-wireless <linux-wireless@vger.kernel.org>,
 linux-mediatek <linux-mediatek@lists.infradead.org>,
 Deren Wu <deren.wu@mediatek.com>
Subject: [PATCH v2] wifi: mt76: fix coverity uninit_use_in_call in
 mt76_connac2_reverse_frag0_hdr_trans()
Date: Thu, 8 Dec 2022 00:03:10 +0800
Message-ID: <bde6335dde0a79d2c2b43323167fd5c2beb45645.1670427543.git.deren.wu@mediatek.com>
X-Mailer: git-send-email 2.18.0
MIME-Version: 1.0
X-MTK: N
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

The default case for frame_contorl is invalid. We should always
assign addr3 of this frame properly.

Coverity error message:
if (ieee80211_has_a4(hdr.frame_control))
(19) Event uninit_use_in_call:	Using uninitialized value "hdr".
Field "hdr.addr3" is uninitialized when calling "memcpy".
	memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
else
	memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);

Fixes: 0880d40871d1 ("mt76: connac: move mt76_connac2_reverse_frag0_hdr_trans in mt76-connac module")
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
---
v2 : add Fixes tag
---
 drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c
index fd60123fb284..c8d0c84e688b 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c
@@ -930,7 +930,7 @@ int mt76_connac2_reverse_frag0_hdr_trans(struct ieee80211_vif *vif,
 		ether_addr_copy(hdr.addr4, eth_hdr->h_source);
 		break;
 	default:
-		break;
+		return -EINVAL;
 	}
 
 	skb_pull(skb, hdr_offset + sizeof(struct ethhdr) - 2);