From: Ping-Ke Shih <pkshih@xxxxxxxxxxx> [ Upstream commit 3f79e541593fecc2a90687eb7162e15a499caa33 ] ofdm_index[] is used to indicate how many power compensation is needed to current thermal value. For internal PA module or 2.4G band, the min_index is different from other cases. This issue originally is reported by Dan. He found the size of ofdm_index[] is 2, but access index 'i' may be equal to 2 if 'rf' is 2 in case of 'is2t'. In fact, the chunk of code is added to wrong place, so move it back to proper place, and then power compensation and buffer overflow are fixed. Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Signed-off-by: Ping-Ke Shih <pkshih@xxxxxxxxxxx> Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20201207031903.7599-1-pkshih@xxxxxxxxxxx Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- drivers/net/wireless/realtek/rtlwifi/rtl8192de/dm.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192de/dm.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192de/dm.c index 71f3b6b5d7bd9..5baa1b127fff0 100644 --- a/drivers/net/wireless/realtek/rtlwifi/rtl8192de/dm.c +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192de/dm.c @@ -986,18 +986,19 @@ static void rtl92d_dm_txpower_tracking_callback_thermalmeter( rtlpriv->dm.cck_index); } for (i = 0; i < rf; i++) { - if (ofdm_index[i] > OFDM_TABLE_SIZE_92D - 1) + if (ofdm_index[i] > OFDM_TABLE_SIZE_92D - 1) { ofdm_index[i] = OFDM_TABLE_SIZE_92D - 1; - else if (ofdm_index[i] < ofdm_min_index) + } else if (internal_pa || + rtlhal->current_bandtype == BAND_ON_2_4G) { + if (ofdm_index[i] < ofdm_min_index_internal_pa) + ofdm_index[i] = ofdm_min_index_internal_pa; + } else if (ofdm_index[i] < ofdm_min_index) { ofdm_index[i] = ofdm_min_index; + } } if (rtlhal->current_bandtype == BAND_ON_2_4G) { if (cck_index > CCK_TABLE_SIZE - 1) { cck_index = CCK_TABLE_SIZE - 1; - } else if (internal_pa || - rtlhal->current_bandtype == BAND_ON_2_4G) { - if (ofdm_index[i] < ofdm_min_index_internal_pa) - ofdm_index[i] = ofdm_min_index_internal_pa; } else if (cck_index < 0) { cck_index = 0; } -- 2.27.0