incorrect shift and mask operation in drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c

From: Colin King (gmail)
Date: Mon Oct 14 2024 - 19:02:14 EST

Next message: Huang, Kai: "Re: [PATCH 09/21] KVM: TDX: Retry seamcall when TDX_OPERAND_BUSY with operand SEPT"
Previous message: Eric Dumazet: "Re: [PATCHv2 net] usbnet: modern method to get random MAC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Static analysis on drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c has found an issue with a mask and shift operation in function wlc_phy_rxcal_radio_setup_nphy() as follows:

lines 26326-26330:

offtune_val =
(pi->tx_rx_cal_radio_saveregs
[2] & 0xF0) >> 8;
offtune_val =
(offtune_val <= 0x7) ? 0xF : 0;

and similar in lines 26376-26381 too.

The issue is that the expression pi->tx_rx_cal_radio_saveregs[2] & 0xF0
when shifted 8 places right is always zero, so this looks like a mistake since some value value between 0..0xf is expected in the second statement.

Since pi->tx_rx_cal_radio_saveregs[2] is a u16 value the expression could plausible be:

(pi->tx_rx_cal_radio_saveregs[2] & 0xf0) >> 4
or
(pi->tx_rx_cal_radio_saveregs[2] & 0xf00) >> 8

I don't have knowledge of the hardware so I'm not sure what a suitable fix is.

Regards,

Colin

Next message: Huang, Kai: "Re: [PATCH 09/21] KVM: TDX: Retry seamcall when TDX_OPERAND_BUSY with operand SEPT"
Previous message: Eric Dumazet: "Re: [PATCHv2 net] usbnet: modern method to get random MAC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]