wifi: iwlwifi: mvm: avoid UB shift of snif_queue

For the old TX API we need the tfd_queue_msk, but for the
new TX API we don't need it here because we add it to the
station later. However, for the new API mvm->snif_queue is
set to IWL_MVM_INVALID_QUEUE == 0xffff, so the BIT() here
is undefined behaviour.

Since we don't need the tfd_queue_msk value for the new TX
API at all, simply fill it in only for the old API.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230305124407.b8da0b7eb194.I53744fd7cfb6e146a9393272a2a61852841238d9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
index aa791db..114c96b 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
@@ -654,7 +654,7 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct iwl_mvm *mvm,
                                         u32 action)
 {
        struct iwl_mac_ctx_cmd cmd = {};
-       u32 tfd_queue_msk = BIT(mvm->snif_queue);
+       u32 tfd_queue_msk = 0;
        int ret;
 
        WARN_ON(vif->type != NL80211_IFTYPE_MONITOR);
@@ -669,6 +669,14 @@ static int iwl_mvm_mac_ctxt_cmd_listener(struct iwl_mvm *mvm,
                                       MAC_FILTER_ACCEPT_GRP);
        ieee80211_hw_set(mvm->hw, RX_INCLUDES_FCS);
 
+       /*
+        * the queue mask is only relevant for old TX API, and
+        * mvm->snif_queue isn't set here (it's still set to
+        * IWL_MVM_INVALID_QUEUE so the BIT() of it is UB)
+        */
+       if (!iwl_mvm_has_new_tx_api(mvm))
+               tfd_queue_msk = BIT(mvm->snif_queue);
+
        /* Allocate sniffer station */
        ret = iwl_mvm_allocate_int_sta(mvm, &mvm->snif_sta, tfd_queue_msk,
                                       vif->type, IWL_STA_GENERAL_PURPOSE);