* [bug report] ath11k: driver for Qualcomm IEEE 802.11ax devices
@ 2019-12-13 10:53 Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2019-12-13 10:53 UTC (permalink / raw)
To: kvalo; +Cc: ath11k
Hello Kalle Valo,
This is a semi-automatic email about new static checker warnings.
The patch d5c65159f289: "ath11k: driver for Qualcomm IEEE 802.11ax
devices" from Nov 23, 2019, leads to the following Smatch complaint:
drivers/net/wireless/ath/ath11k/ce.c:192 ath11k_ce_rx_post_pipe()
error: we previously assumed 'pipe->dest_ring' could be null (see line 167)
drivers/net/wireless/ath/ath11k/ce.c
166
167 if (!(pipe->dest_ring || pipe->status_ring))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This checks that at least one is non-NULL but it should check that both
are non-NULL, probably?
if (!pipe->dest_ring || !pipe->status_ring)
168 return 0;
169
170 spin_lock_bh(&ab->ce.ce_lock);
171 while (pipe->rx_buf_needed) {
172 skb = dev_alloc_skb(pipe->buf_sz);
173 if (!skb) {
174 ret = -ENOMEM;
175 goto exit;
176 }
177
178 WARN_ON_ONCE(!IS_ALIGNED((unsigned long)skb->data, 4));
179
180 paddr = dma_map_single(ab->dev, skb->data,
181 skb->len + skb_tailroom(skb),
182 DMA_FROM_DEVICE);
183 if (unlikely(dma_mapping_error(ab->dev, paddr))) {
184 ath11k_warn(ab, "failed to dma map ce rx buf\n");
185 dev_kfree_skb_any(skb);
186 ret = -EIO;
187 goto exit;
188 }
189
190 ATH11K_SKB_RXCB(skb)->paddr = paddr;
191
192 ret = ath11k_ce_rx_buf_enqueue_pipe(pipe, skb, paddr);
^^^^
pipe->dest_ring is dereferenced inside the function.
193
194 if (ret) {
regards,
dan carpenter
_______________________________________________
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug report] ath11k: driver for Qualcomm IEEE 802.11ax devices
@ 2019-12-13 12:39 Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2019-12-13 12:39 UTC (permalink / raw)
To: kvalo; +Cc: ath11k
Hello Kalle Valo,
The patch d5c65159f289: "ath11k: driver for Qualcomm IEEE 802.11ax
devices" from Nov 23, 2019, leads to the following static checker
warning:
drivers/net/wireless/ath/ath11k/debugfs_sta.c:197 ath11k_update_per_peer_stats_from_txcompl()
error: uninitialized symbol 'rate_idx'.
drivers/net/wireless/ath/ath11k/debugfs_sta.c
126 void ath11k_update_per_peer_stats_from_txcompl(struct ath11k *ar,
127 struct sk_buff *msdu,
128 struct hal_tx_status *ts)
129 {
130 struct ath11k_base *ab = ar->ab;
131 struct ath11k_per_peer_tx_stats *peer_stats = &ar->cached_stats;
132 struct ath11k_peer *peer;
133 struct ath11k_sta *arsta;
134 struct ieee80211_sta *sta;
135 u16 rate;
136 u8 rate_idx;
^^^^^^^^^^^
137 int ret;
138
139 rcu_read_lock();
140 spin_lock_bh(&ab->base_lock);
141 peer = ath11k_peer_find_by_id(ab, ts->peer_id);
142 if (!peer || !peer->sta) {
143 ath11k_warn(ab, "failed to find the peer\n");
144 spin_unlock_bh(&ab->base_lock);
145 rcu_read_unlock();
146 return;
147 }
148
149 sta = peer->sta;
150 arsta = (struct ath11k_sta *)sta->drv_priv;
151
152 memset(&arsta->txrate, 0, sizeof(arsta->txrate));
153
154 if (ts->pkt_type == HAL_TX_RATE_STATS_PKT_TYPE_11A ||
155 ts->pkt_type == HAL_TX_RATE_STATS_PKT_TYPE_11B) {
156 ret = ath11k_mac_hw_ratecode_to_legacy_rate(ts->mcs,
157 ts->pkt_type,
158 &rate_idx,
159 &rate);
160 if (ret < 0) {
161 spin_unlock_bh(&ab->base_lock);
162 rcu_read_unlock();
163 return;
164 }
165 arsta->txrate.legacy = rate;
166 } else if (ts->pkt_type == HAL_TX_RATE_STATS_PKT_TYPE_11N) {
167 if (ts->mcs > 7) {
168 ath11k_warn(ab, "Invalid HT mcs index %d\n", ts->mcs);
169 spin_unlock_bh(&ab->base_lock);
170 rcu_read_unlock();
171 return;
172 }
173
174 arsta->txrate.mcs = ts->mcs + 8 * (arsta->last_txrate.nss - 1);
175 arsta->txrate.flags = RATE_INFO_FLAGS_MCS;
176 if (ts->sgi)
177 arsta->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
"rate_idx" is not initialized on the else paths.
178 } else if (ts->pkt_type == HAL_TX_RATE_STATS_PKT_TYPE_11AC) {
179 if (ts->mcs > 9) {
180 ath11k_warn(ab, "Invalid VHT mcs index %d\n", ts->mcs);
181 spin_unlock_bh(&ab->base_lock);
182 rcu_read_unlock();
183 return;
184 }
185
186 arsta->txrate.mcs = ts->mcs;
187 arsta->txrate.flags = RATE_INFO_FLAGS_VHT_MCS;
188 if (ts->sgi)
189 arsta->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
190 } else {
191 /*TODO: update HE rates */
192 }
193
194 arsta->txrate.nss = arsta->last_txrate.nss;
195 arsta->txrate.bw = ath11k_mac_bw_to_mac80211_bw(ts->bw);
196
197 ath11k_accumulate_per_peer_tx_stats(arsta, peer_stats, rate_idx);
^^^^^^^^
UBSan will complain about this at run time as well.
198 spin_unlock_bh(&ab->base_lock);
199 rcu_read_unlock();
200 }
regards,
dan carpenter
_______________________________________________
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug report] ath11k: driver for Qualcomm IEEE 802.11ax devices
@ 2019-12-13 10:51 Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2019-12-13 10:51 UTC (permalink / raw)
To: kvalo; +Cc: ath11k
Hello Kalle Valo,
This is a semi-automatic email about new static checker warnings.
The patch d5c65159f289: "ath11k: driver for Qualcomm IEEE 802.11ax
devices" from Nov 23, 2019, leads to the following Smatch complaint:
drivers/net/wireless/ath/ath11k/debug.c:575 ath11k_write_simulate_fw_crash()
error: we previously assumed 'ar' could be null (see line 549)
drivers/net/wireless/ath/ath11k/debug.c
548 ar = pdev->ar;
549 if (ar && ar->state == ATH11K_STATE_ON) {
^^
Check for NULL
550 radioup = 1;
551 break;
552 }
553 }
554 /* filter partial writes and invalid commands */
555 if (*ppos != 0 || count >= sizeof(buf) || count == 0)
556 return -EINVAL;
557
558 rc = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
559 if (rc < 0)
560 return rc;
561
562 /* drop the possible '\n' from the end */
563 if (buf[*ppos - 1] == '\n')
564 buf[*ppos - 1] = '\0';
565
566 if (radioup == 0) {
567 ret = -ENETDOWN;
568 goto exit;
569 }
570
571 if (!strcmp(buf, "assert")) {
572 ath11k_info(ab, "simulating firmware assert crash\n");
573 ret = ath11k_wmi_force_fw_hang_cmd(ar,
^^
Unchecked dereference inside function
574 ATH11K_WMI_FW_HANG_ASSERT_TYPE,
575 ATH11K_WMI_FW_HANG_DELAY);
576 } else {
577 ret = -EINVAL;
regards,
dan carpenter
_______________________________________________
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-12-13 12:41 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-13 10:53 [bug report] ath11k: driver for Qualcomm IEEE 802.11ax devices Dan Carpenter
-- strict thread matches above, loose matches on Subject: below --
2019-12-13 12:39 Dan Carpenter
2019-12-13 10:51 Dan Carpenter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.