CC: kbuild-all(a)lists.01.org CC: linux-kernel(a)vger.kernel.org TO: Kees Cook CC: Chao Yu , Chao Yu tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 0da0a8a0a0e1845f495431c3d8d733d2bbf9e9e5 commit: 3f649ab728cda8038259d8f14492fe400fbab911 treewide: Remove uninitialized_var() usage date: 6 months ago :::::: branch date: 6 hours ago :::::: commit date: 6 months ago config: x86_64-randconfig-m001-20210117 (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot Reported-by: Dan Carpenter New smatch warnings: drivers/net/wireless/intel/iwlegacy/4965-mac.c:2822 il4965_hdl_tx() error: uninitialized symbol 'tid'. Old smatch warnings: drivers/net/wireless/intel/iwlegacy/4965-mac.c:1736 il4965_tx_skb() warn: potential spectre issue 'il->stations[sta_id]->tid' [r] (local cap) drivers/net/wireless/intel/iwlegacy/4965-mac.c:2822 il4965_hdl_tx() warn: potential spectre issue 'il->stations[sta_id]->tid' [r] vim +/tid +2822 drivers/net/wireless/intel/iwlegacy/4965-mac.c 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2755 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2756 /** 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2757 * il4965_hdl_tx - Handle standard (non-aggregation) Tx response 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2758 */ 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2759 static void 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2760 il4965_hdl_tx(struct il_priv *il, struct il_rx_buf *rxb) 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2761 { 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2762 struct il_rx_pkt *pkt = rxb_addr(rxb); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2763 u16 sequence = le16_to_cpu(pkt->hdr.sequence); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2764 int txq_id = SEQ_TO_QUEUE(sequence); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2765 int idx = SEQ_TO_IDX(sequence); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2766 struct il_tx_queue *txq = &il->txq[txq_id]; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2767 struct sk_buff *skb; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2768 struct ieee80211_hdr *hdr; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2769 struct ieee80211_tx_info *info; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2770 struct il4965_tx_resp *tx_resp = (void *)&pkt->u.raw[0]; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2771 u32 status = le32_to_cpu(tx_resp->u.status); 3f649ab728cda803 drivers/net/wireless/intel/iwlegacy/4965-mac.c Kees Cook 2020-06-03 2772 int tid; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2773 int sta_id; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2774 int freed; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2775 u8 *qc = NULL; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2776 unsigned long flags; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2777 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2778 if (idx >= txq->q.n_bd || il_queue_used(&txq->q, idx) == 0) { 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2779 IL_ERR("Read idx for DMA queue txq_id (%d) idx %d " 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2780 "is out of range [0-%d] %d %d\n", txq_id, idx, 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2781 txq->q.n_bd, txq->q.write_ptr, txq->q.read_ptr); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2782 return; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2783 } 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2784 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2785 txq->time_stamp = jiffies; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2786 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2787 skb = txq->skbs[txq->q.read_ptr]; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2788 info = IEEE80211_SKB_CB(skb); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2789 memset(&info->status, 0, sizeof(info->status)); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2790 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2791 hdr = (struct ieee80211_hdr *) skb->data; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2792 if (ieee80211_is_data_qos(hdr->frame_control)) { 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2793 qc = ieee80211_get_qos_ctl(hdr); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2794 tid = qc[0] & 0xf; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2795 } 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2796 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2797 sta_id = il4965_get_ra_sta_id(il, hdr); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2798 if (txq->sched_retry && unlikely(sta_id == IL_INVALID_STATION)) { 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2799 IL_ERR("Station not known\n"); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2800 return; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2801 } 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2802 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2803 /* 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2804 * Firmware will not transmit frame on passive channel, if it not yet 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2805 * received some valid frame on that channel. When this error happen 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2806 * we have to wait until firmware will unblock itself i.e. when we 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2807 * note received beacon or other frame. We unblock queues in 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2808 * il4965_pass_packet_to_mac80211 or in il_mac_bss_info_changed. 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2809 */ 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2810 if (unlikely((status & TX_STATUS_MSK) == TX_STATUS_FAIL_PASSIVE_NO_RX) && 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2811 il->iw_mode == NL80211_IFTYPE_STATION) { 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2812 il_stop_queues_by_reason(il, IL_STOP_REASON_PASSIVE); 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2813 D_INFO("Stopped queues - RX waiting on passive channel\n"); 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2814 } 8cdbab7f07e82f26 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2013-06-12 2815 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2816 spin_lock_irqsave(&il->sta_lock, flags); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2817 if (txq->sched_retry) { 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2818 const u32 scd_ssn = il4965_get_scd_ssn(tx_resp); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2819 struct il_ht_agg *agg = NULL; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2820 WARN_ON(!qc); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2821 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 @2822 agg = &il->stations[sta_id].tid[tid].agg; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2823 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2824 il4965_tx_status_reply_tx(il, agg, tx_resp, txq_id, idx); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2825 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2826 /* check if BAR is needed */ 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2827 if (tx_resp->frame_count == 1 && 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2828 !il4965_is_tx_success(status)) 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2829 info->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2830 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2831 if (txq->q.read_ptr != (scd_ssn & 0xff)) { 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2832 idx = il_queue_dec_wrap(scd_ssn & 0xff, txq->q.n_bd); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2833 D_TX_REPLY("Retry scheduler reclaim scd_ssn " 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2834 "%d idx %d\n", scd_ssn, idx); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2835 freed = il4965_tx_queue_reclaim(il, txq_id, idx); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2836 if (qc) 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2837 il4965_free_tfds_in_queue(il, sta_id, tid, 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2838 freed); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2839 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2840 if (il->mac80211_registered && 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2841 il_queue_space(&txq->q) > txq->q.low_mark && 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2842 agg->state != IL_EMPTYING_HW_QUEUE_DELBA) 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2843 il_wake_queue(il, txq); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2844 } 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2845 } else { 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2846 info->status.rates[0].count = tx_resp->failure_frame + 1; 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2847 info->flags |= il4965_tx_status_to_mac80211(status); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2848 il4965_hwrate_to_tx_control(il, 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2849 le32_to_cpu(tx_resp->rate_n_flags), 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2850 info); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2851 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2852 D_TX_REPLY("TXQ %d status %s (0x%08x) " 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2853 "rate_n_flags 0x%x retries %d\n", txq_id, 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2854 il4965_get_tx_fail_reason(status), status, 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2855 le32_to_cpu(tx_resp->rate_n_flags), 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2856 tx_resp->failure_frame); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2857 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2858 freed = il4965_tx_queue_reclaim(il, txq_id, idx); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2859 if (qc && likely(sta_id != IL_INVALID_STATION)) 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2860 il4965_free_tfds_in_queue(il, sta_id, tid, freed); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2861 else if (sta_id == IL_INVALID_STATION) 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2862 D_TX_REPLY("Station not known\n"); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2863 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2864 if (il->mac80211_registered && 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2865 il_queue_space(&txq->q) > txq->q.low_mark) 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2866 il_wake_queue(il, txq); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2867 } 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2868 if (qc && likely(sta_id != IL_INVALID_STATION)) 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2869 il4965_txq_check_empty(il, sta_id, tid, txq_id); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2870 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2871 il4965_check_abort_status(il, tx_resp->frame_count, status); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2872 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2873 spin_unlock_irqrestore(&il->sta_lock, flags); 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2874 } 3dfea27d103e9913 drivers/net/wireless/iwlegacy/4965-mac.c Stanislaw Gruszka 2012-02-13 2875 :::::: The code at line 2822 was first introduced by commit :::::: 3dfea27d103e9913698cf1a2c86745a74c7c556b iwlegacy: gather all 4965 handlers in one place :::::: TO: Stanislaw Gruszka :::::: CC: John W. Linville --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org