Commit b85f7ebb authored by Johannes Berg's avatar Johannes Berg
Browse files

wifi: iwlwifi: mvm: avoid UB shift of snif_queue 



For the old TX API we need the tfd_queue_msk, but for the
new TX API we don't need it here because we add it to the
station later. However, for the new API mvm->snif_queue is
set to IWL_MVM_INVALID_QUEUE == 0xffff, so the BIT() here
is undefined behaviour.

Since we don't need the tfd_queue_msk value for the new TX
API at all, simply fill it in only for the old API.

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarGregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230305124407.b8da0b7eb194.I53744fd7cfb6e146a9393272a2a61852841238d9@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 5abf3154

drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c

+9 −1
Original line number Diff line number Diff line
@@ -654,7 +654,7 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct iwl_mvm *mvm, 
					 u32 action)

{

	struct iwl_mac_ctx_cmd cmd = {};

	u32 tfd_queue_msk = BIT(mvm->snif_queue);

	u32 tfd_queue_msk = 0;

	int ret;



	WARN_ON(vif->type != NL80211_IFTYPE_MONITOR);
@@ -669,6 +669,14 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct iwl_mvm *mvm, 
				       MAC_FILTER_ACCEPT_GRP);

	ieee80211_hw_set(mvm->hw, RX_INCLUDES_FCS);



	/*

	 * the queue mask is only relevant for old TX API, and

	 * mvm->snif_queue isn't set here (it's still set to

	 * IWL_MVM_INVALID_QUEUE so the BIT() of it is UB)

	 */

	if (!iwl_mvm_has_new_tx_api(mvm))

		tfd_queue_msk = BIT(mvm->snif_queue);



	/* Allocate sniffer station */

	ret = iwl_mvm_allocate_int_sta(mvm, &mvm->snif_sta, tfd_queue_msk,

				       vif->type, IWL_STA_GENERAL_PURPOSE);