wifi: iwlwifi: mvm: don't read past the mfuart notifcation

jira LE-1907
cve CVE-2024-40941
Rebuild_History Non-Buildable kernel-5.14.0-427.33.1.el9_4
commit-author Emmanuel Grumbach <emmanuel.grumbach@intel.com>
commit 4bb95f4

In case the firmware sends a notification that claims it has more data
than it has, we will read past that was allocated for the notification.
Remove the print of the buffer, we won't see it by default. If needed,
we can see the content with tracing.

This was reported by KFENCE.

Fixes: bdccdb8 ("iwlwifi: mvm: support MFUART dump in case of MFUART assert")
	Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
	Reviewed-by: Johannes Berg <johannes.berg@intel.com>
	Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240513132416.ba82a01a559e.Ia91dd20f5e1ca1ad380b95e68aebf2794f553d9b@changeid
	Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 4bb95f4)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

Author: PlaidCat

drivers/net/wireless/intel/iwlwifi/mvm/fw.c

@@ -96,20 +96,10 @@ void iwl_mvm_mfu_assert_dump_notif(struct iwl_mvm *mvm,
 {
 	struct iwl_rx_packet *pkt = rxb_addr(rxb);
 	struct iwl_mfu_assert_dump_notif *mfu_dump_notif = (void *)pkt->data;
-	__le32 *dump_data = mfu_dump_notif->data;
-	int n_words = le32_to_cpu(mfu_dump_notif->data_size) / sizeof(__le32);
-	int i;
 
 	if (mfu_dump_notif->index_num == 0)
 		IWL_INFO(mvm, "MFUART assert id 0x%x occurred\n",
 			 le32_to_cpu(mfu_dump_notif->assert_id));
-
-	for (i = 0; i < n_words; i++)
-		IWL_DEBUG_INFO(mvm,
-			       "MFUART assert dump, dword %u: 0x%08x\n",
-			       le16_to_cpu(mfu_dump_notif->index_num) *
-			       n_words + i,
-			       le32_to_cpu(dump_data[i]));
 }
 
 static bool iwl_alive_fn(struct iwl_notif_wait_data *notif_wait,