* drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
@ 2021-07-02 20:26 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2021-07-02 20:26 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 11890 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Govind Singh <govinds@codeaurora.org>
CC: Kalle Valo <kvalo@codeaurora.org>
Hi Govind,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 3dbdb38e286903ec220aaf1fb29a8d94297da246
commit: 1ff8ed786d5d8ed6d109affe6d732dfc85a45b2e ath11k: use remoteproc only with AHB devices
date: 11 months ago
:::::: branch date: 20 hours ago
:::::: commit date: 11 months ago
config: arm64-randconfig-m031-20210702 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
drivers/net/wireless/ath/ath11k/htc.c:266 ath11k_htc_rx_completion_handler() warn: potential spectre issue 'htc->endpoint' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1527 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.umac_ring_bp_stats' [r] (local cap)
Old smatch warnings:
drivers/net/wireless/ath/ath11k/dp_rx.c:1072 ath11k_dp_peer_rx_pn_replay_config() warn: inconsistent returns '&ab->base_lock'.
vim +5740 drivers/net/wireless/ath/ath11k/wmi.c
d5c65159f289537 Kalle Valo 2019-11-23 5675
d5c65159f289537 Kalle Valo 2019-11-23 5676 static void ath11k_mgmt_rx_event(struct ath11k_base *ab, struct sk_buff *skb)
d5c65159f289537 Kalle Valo 2019-11-23 5677 {
d5c65159f289537 Kalle Valo 2019-11-23 5678 struct mgmt_rx_event_params rx_ev = {0};
d5c65159f289537 Kalle Valo 2019-11-23 5679 struct ath11k *ar;
d5c65159f289537 Kalle Valo 2019-11-23 5680 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5681 struct ieee80211_hdr *hdr;
d5c65159f289537 Kalle Valo 2019-11-23 5682 u16 fc;
d5c65159f289537 Kalle Valo 2019-11-23 5683 struct ieee80211_supported_band *sband;
d5c65159f289537 Kalle Valo 2019-11-23 5684
d5c65159f289537 Kalle Valo 2019-11-23 5685 if (ath11k_pull_mgmt_rx_params_tlv(ab, skb, &rx_ev) != 0) {
d5c65159f289537 Kalle Valo 2019-11-23 5686 ath11k_warn(ab, "failed to extract mgmt rx event");
d5c65159f289537 Kalle Valo 2019-11-23 5687 dev_kfree_skb(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5688 return;
d5c65159f289537 Kalle Valo 2019-11-23 5689 }
d5c65159f289537 Kalle Valo 2019-11-23 5690
d5c65159f289537 Kalle Valo 2019-11-23 5691 memset(status, 0, sizeof(*status));
d5c65159f289537 Kalle Valo 2019-11-23 5692
d5c65159f289537 Kalle Valo 2019-11-23 5693 ath11k_dbg(ab, ATH11K_DBG_MGMT, "mgmt rx event status %08x\n",
d5c65159f289537 Kalle Valo 2019-11-23 5694 rx_ev.status);
d5c65159f289537 Kalle Valo 2019-11-23 5695
d5c65159f289537 Kalle Valo 2019-11-23 5696 rcu_read_lock();
d5c65159f289537 Kalle Valo 2019-11-23 5697 ar = ath11k_mac_get_ar_by_pdev_id(ab, rx_ev.pdev_id);
d5c65159f289537 Kalle Valo 2019-11-23 5698
d5c65159f289537 Kalle Valo 2019-11-23 5699 if (!ar) {
d5c65159f289537 Kalle Valo 2019-11-23 5700 ath11k_warn(ab, "invalid pdev_id %d in mgmt_rx_event\n",
d5c65159f289537 Kalle Valo 2019-11-23 5701 rx_ev.pdev_id);
d5c65159f289537 Kalle Valo 2019-11-23 5702 dev_kfree_skb(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5703 goto exit;
d5c65159f289537 Kalle Valo 2019-11-23 5704 }
d5c65159f289537 Kalle Valo 2019-11-23 5705
d5c65159f289537 Kalle Valo 2019-11-23 5706 if ((test_bit(ATH11K_CAC_RUNNING, &ar->dev_flags)) ||
d5c65159f289537 Kalle Valo 2019-11-23 5707 (rx_ev.status & (WMI_RX_STATUS_ERR_DECRYPT |
d5c65159f289537 Kalle Valo 2019-11-23 5708 WMI_RX_STATUS_ERR_KEY_CACHE_MISS | WMI_RX_STATUS_ERR_CRC))) {
d5c65159f289537 Kalle Valo 2019-11-23 5709 dev_kfree_skb(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5710 goto exit;
d5c65159f289537 Kalle Valo 2019-11-23 5711 }
d5c65159f289537 Kalle Valo 2019-11-23 5712
d5c65159f289537 Kalle Valo 2019-11-23 5713 if (rx_ev.status & WMI_RX_STATUS_ERR_MIC)
d5c65159f289537 Kalle Valo 2019-11-23 5714 status->flag |= RX_FLAG_MMIC_ERROR;
d5c65159f289537 Kalle Valo 2019-11-23 5715
5dcf42f8b79d141 Pradeep Kumar Chitrapu 2020-06-09 5716 if (rx_ev.chan_freq >= ATH11K_MIN_6G_FREQ) {
5dcf42f8b79d141 Pradeep Kumar Chitrapu 2020-06-09 5717 status->band = NL80211_BAND_6GHZ;
5dcf42f8b79d141 Pradeep Kumar Chitrapu 2020-06-09 5718 } else if (rx_ev.channel >= 1 && rx_ev.channel <= 14) {
d5c65159f289537 Kalle Valo 2019-11-23 5719 status->band = NL80211_BAND_2GHZ;
d5c65159f289537 Kalle Valo 2019-11-23 5720 } else if (rx_ev.channel >= 36 && rx_ev.channel <= ATH11K_MAX_5G_CHAN) {
d5c65159f289537 Kalle Valo 2019-11-23 5721 status->band = NL80211_BAND_5GHZ;
d5c65159f289537 Kalle Valo 2019-11-23 5722 } else {
d5c65159f289537 Kalle Valo 2019-11-23 5723 /* Shouldn't happen unless list of advertised channels to
d5c65159f289537 Kalle Valo 2019-11-23 5724 * mac80211 has been changed.
d5c65159f289537 Kalle Valo 2019-11-23 5725 */
d5c65159f289537 Kalle Valo 2019-11-23 5726 WARN_ON_ONCE(1);
d5c65159f289537 Kalle Valo 2019-11-23 5727 dev_kfree_skb(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5728 goto exit;
d5c65159f289537 Kalle Valo 2019-11-23 5729 }
d5c65159f289537 Kalle Valo 2019-11-23 5730
22eeadcdeab63e8 Pradeep Kumar Chitrapu 2020-06-09 5731 if (rx_ev.phy_mode == MODE_11B &&
22eeadcdeab63e8 Pradeep Kumar Chitrapu 2020-06-09 5732 (status->band == NL80211_BAND_5GHZ || status->band == NL80211_BAND_6GHZ))
d5c65159f289537 Kalle Valo 2019-11-23 5733 ath11k_dbg(ab, ATH11K_DBG_WMI,
22eeadcdeab63e8 Pradeep Kumar Chitrapu 2020-06-09 5734 "wmi mgmt rx 11b (CCK) on 5/6GHz, band = %d\n", status->band);
d5c65159f289537 Kalle Valo 2019-11-23 5735
d5c65159f289537 Kalle Valo 2019-11-23 5736 sband = &ar->mac.sbands[status->band];
d5c65159f289537 Kalle Valo 2019-11-23 5737
d5c65159f289537 Kalle Valo 2019-11-23 5738 status->freq = ieee80211_channel_to_frequency(rx_ev.channel,
d5c65159f289537 Kalle Valo 2019-11-23 5739 status->band);
d5c65159f289537 Kalle Valo 2019-11-23 @5740 status->signal = rx_ev.snr + ATH11K_DEFAULT_NOISE_FLOOR;
d5c65159f289537 Kalle Valo 2019-11-23 5741 status->rate_idx = ath11k_mac_bitrate_to_idx(sband, rx_ev.rate / 100);
d5c65159f289537 Kalle Valo 2019-11-23 5742
d5c65159f289537 Kalle Valo 2019-11-23 5743 hdr = (struct ieee80211_hdr *)skb->data;
d5c65159f289537 Kalle Valo 2019-11-23 5744 fc = le16_to_cpu(hdr->frame_control);
d5c65159f289537 Kalle Valo 2019-11-23 5745
d5c65159f289537 Kalle Valo 2019-11-23 5746 /* Firmware is guaranteed to report all essential management frames via
d5c65159f289537 Kalle Valo 2019-11-23 5747 * WMI while it can deliver some extra via HTT. Since there can be
d5c65159f289537 Kalle Valo 2019-11-23 5748 * duplicates split the reporting wrt monitor/sniffing.
d5c65159f289537 Kalle Valo 2019-11-23 5749 */
d5c65159f289537 Kalle Valo 2019-11-23 5750 status->flag |= RX_FLAG_SKIP_MONITOR;
d5c65159f289537 Kalle Valo 2019-11-23 5751
d5c65159f289537 Kalle Valo 2019-11-23 5752 /* In case of PMF, FW delivers decrypted frames with Protected Bit set.
d5c65159f289537 Kalle Valo 2019-11-23 5753 * Don't clear that. Also, FW delivers broadcast management frames
d5c65159f289537 Kalle Valo 2019-11-23 5754 * (ex: group privacy action frames in mesh) as encrypted payload.
d5c65159f289537 Kalle Valo 2019-11-23 5755 */
d5c65159f289537 Kalle Valo 2019-11-23 5756 if (ieee80211_has_protected(hdr->frame_control) &&
d5c65159f289537 Kalle Valo 2019-11-23 5757 !is_multicast_ether_addr(ieee80211_get_DA(hdr))) {
d5c65159f289537 Kalle Valo 2019-11-23 5758 status->flag |= RX_FLAG_DECRYPTED;
d5c65159f289537 Kalle Valo 2019-11-23 5759
d5c65159f289537 Kalle Valo 2019-11-23 5760 if (!ieee80211_is_robust_mgmt_frame(skb)) {
d5c65159f289537 Kalle Valo 2019-11-23 5761 status->flag |= RX_FLAG_IV_STRIPPED |
d5c65159f289537 Kalle Valo 2019-11-23 5762 RX_FLAG_MMIC_STRIPPED;
d5c65159f289537 Kalle Valo 2019-11-23 5763 hdr->frame_control = __cpu_to_le16(fc &
d5c65159f289537 Kalle Valo 2019-11-23 5764 ~IEEE80211_FCTL_PROTECTED);
d5c65159f289537 Kalle Valo 2019-11-23 5765 }
d5c65159f289537 Kalle Valo 2019-11-23 5766 }
d5c65159f289537 Kalle Valo 2019-11-23 5767
d5c65159f289537 Kalle Valo 2019-11-23 5768 /* TODO: Pending handle beacon implementation
d5c65159f289537 Kalle Valo 2019-11-23 5769 *if (ieee80211_is_beacon(hdr->frame_control))
d5c65159f289537 Kalle Valo 2019-11-23 5770 * ath11k_mac_handle_beacon(ar, skb);
d5c65159f289537 Kalle Valo 2019-11-23 5771 */
d5c65159f289537 Kalle Valo 2019-11-23 5772
d5c65159f289537 Kalle Valo 2019-11-23 5773 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f289537 Kalle Valo 2019-11-23 5774 "event mgmt rx skb %pK len %d ftype %02x stype %02x\n",
d5c65159f289537 Kalle Valo 2019-11-23 5775 skb, skb->len,
d5c65159f289537 Kalle Valo 2019-11-23 5776 fc & IEEE80211_FCTL_FTYPE, fc & IEEE80211_FCTL_STYPE);
d5c65159f289537 Kalle Valo 2019-11-23 5777
d5c65159f289537 Kalle Valo 2019-11-23 5778 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f289537 Kalle Valo 2019-11-23 5779 "event mgmt rx freq %d band %d snr %d, rate_idx %d\n",
d5c65159f289537 Kalle Valo 2019-11-23 5780 status->freq, status->band, status->signal,
d5c65159f289537 Kalle Valo 2019-11-23 5781 status->rate_idx);
d5c65159f289537 Kalle Valo 2019-11-23 5782
d5c65159f289537 Kalle Valo 2019-11-23 5783 ieee80211_rx_ni(ar->hw, skb);
d5c65159f289537 Kalle Valo 2019-11-23 5784
d5c65159f289537 Kalle Valo 2019-11-23 5785 exit:
d5c65159f289537 Kalle Valo 2019-11-23 5786 rcu_read_unlock();
d5c65159f289537 Kalle Valo 2019-11-23 5787 }
d5c65159f289537 Kalle Valo 2019-11-23 5788
:::::: The code at line 5740 was first introduced by commit
:::::: d5c65159f2895379e11ca13f62feabe93278985d ath11k: driver for Qualcomm IEEE 802.11ax devices
:::::: TO: Kalle Valo <kvalo@codeaurora.org>
:::::: CC: Kalle Valo <kvalo@codeaurora.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 36732 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
@ 2021-08-05 7:14 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2021-08-05 7:14 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 11765 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Govind Singh <govinds@codeaurora.org>
CC: Kalle Valo <kvalo@codeaurora.org>
Hi Govind,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 251a1524293d0a90c4d5060f65f42a3016280049
commit: 1ff8ed786d5d8ed6d109affe6d732dfc85a45b2e ath11k: use remoteproc only with AHB devices
date: 12 months ago
:::::: branch date: 12 hours ago
:::::: commit date: 12 months ago
config: x86_64-randconfig-m001-20210805 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
drivers/net/wireless/ath/ath11k/htc.c:266 ath11k_htc_rx_completion_handler() warn: potential spectre issue 'htc->endpoint' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1527 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.umac_ring_bp_stats' [r]
Old smatch warnings:
drivers/net/wireless/ath/ath11k/dp_rx.c:1072 ath11k_dp_peer_rx_pn_replay_config() warn: inconsistent returns '&ab->base_lock'.
vim +5740 drivers/net/wireless/ath/ath11k/wmi.c
d5c65159f28953 Kalle Valo 2019-11-23 5675
d5c65159f28953 Kalle Valo 2019-11-23 5676 static void ath11k_mgmt_rx_event(struct ath11k_base *ab, struct sk_buff *skb)
d5c65159f28953 Kalle Valo 2019-11-23 5677 {
d5c65159f28953 Kalle Valo 2019-11-23 5678 struct mgmt_rx_event_params rx_ev = {0};
d5c65159f28953 Kalle Valo 2019-11-23 5679 struct ath11k *ar;
d5c65159f28953 Kalle Valo 2019-11-23 5680 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5681 struct ieee80211_hdr *hdr;
d5c65159f28953 Kalle Valo 2019-11-23 5682 u16 fc;
d5c65159f28953 Kalle Valo 2019-11-23 5683 struct ieee80211_supported_band *sband;
d5c65159f28953 Kalle Valo 2019-11-23 5684
d5c65159f28953 Kalle Valo 2019-11-23 5685 if (ath11k_pull_mgmt_rx_params_tlv(ab, skb, &rx_ev) != 0) {
d5c65159f28953 Kalle Valo 2019-11-23 5686 ath11k_warn(ab, "failed to extract mgmt rx event");
d5c65159f28953 Kalle Valo 2019-11-23 5687 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5688 return;
d5c65159f28953 Kalle Valo 2019-11-23 5689 }
d5c65159f28953 Kalle Valo 2019-11-23 5690
d5c65159f28953 Kalle Valo 2019-11-23 5691 memset(status, 0, sizeof(*status));
d5c65159f28953 Kalle Valo 2019-11-23 5692
d5c65159f28953 Kalle Valo 2019-11-23 5693 ath11k_dbg(ab, ATH11K_DBG_MGMT, "mgmt rx event status %08x\n",
d5c65159f28953 Kalle Valo 2019-11-23 5694 rx_ev.status);
d5c65159f28953 Kalle Valo 2019-11-23 5695
d5c65159f28953 Kalle Valo 2019-11-23 5696 rcu_read_lock();
d5c65159f28953 Kalle Valo 2019-11-23 5697 ar = ath11k_mac_get_ar_by_pdev_id(ab, rx_ev.pdev_id);
d5c65159f28953 Kalle Valo 2019-11-23 5698
d5c65159f28953 Kalle Valo 2019-11-23 5699 if (!ar) {
d5c65159f28953 Kalle Valo 2019-11-23 5700 ath11k_warn(ab, "invalid pdev_id %d in mgmt_rx_event\n",
d5c65159f28953 Kalle Valo 2019-11-23 5701 rx_ev.pdev_id);
d5c65159f28953 Kalle Valo 2019-11-23 5702 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5703 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5704 }
d5c65159f28953 Kalle Valo 2019-11-23 5705
d5c65159f28953 Kalle Valo 2019-11-23 5706 if ((test_bit(ATH11K_CAC_RUNNING, &ar->dev_flags)) ||
d5c65159f28953 Kalle Valo 2019-11-23 5707 (rx_ev.status & (WMI_RX_STATUS_ERR_DECRYPT |
d5c65159f28953 Kalle Valo 2019-11-23 5708 WMI_RX_STATUS_ERR_KEY_CACHE_MISS | WMI_RX_STATUS_ERR_CRC))) {
d5c65159f28953 Kalle Valo 2019-11-23 5709 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5710 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5711 }
d5c65159f28953 Kalle Valo 2019-11-23 5712
d5c65159f28953 Kalle Valo 2019-11-23 5713 if (rx_ev.status & WMI_RX_STATUS_ERR_MIC)
d5c65159f28953 Kalle Valo 2019-11-23 5714 status->flag |= RX_FLAG_MMIC_ERROR;
d5c65159f28953 Kalle Valo 2019-11-23 5715
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5716 if (rx_ev.chan_freq >= ATH11K_MIN_6G_FREQ) {
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5717 status->band = NL80211_BAND_6GHZ;
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5718 } else if (rx_ev.channel >= 1 && rx_ev.channel <= 14) {
d5c65159f28953 Kalle Valo 2019-11-23 5719 status->band = NL80211_BAND_2GHZ;
d5c65159f28953 Kalle Valo 2019-11-23 5720 } else if (rx_ev.channel >= 36 && rx_ev.channel <= ATH11K_MAX_5G_CHAN) {
d5c65159f28953 Kalle Valo 2019-11-23 5721 status->band = NL80211_BAND_5GHZ;
d5c65159f28953 Kalle Valo 2019-11-23 5722 } else {
d5c65159f28953 Kalle Valo 2019-11-23 5723 /* Shouldn't happen unless list of advertised channels to
d5c65159f28953 Kalle Valo 2019-11-23 5724 * mac80211 has been changed.
d5c65159f28953 Kalle Valo 2019-11-23 5725 */
d5c65159f28953 Kalle Valo 2019-11-23 5726 WARN_ON_ONCE(1);
d5c65159f28953 Kalle Valo 2019-11-23 5727 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5728 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5729 }
d5c65159f28953 Kalle Valo 2019-11-23 5730
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5731 if (rx_ev.phy_mode == MODE_11B &&
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5732 (status->band == NL80211_BAND_5GHZ || status->band == NL80211_BAND_6GHZ))
d5c65159f28953 Kalle Valo 2019-11-23 5733 ath11k_dbg(ab, ATH11K_DBG_WMI,
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5734 "wmi mgmt rx 11b (CCK) on 5/6GHz, band = %d\n", status->band);
d5c65159f28953 Kalle Valo 2019-11-23 5735
d5c65159f28953 Kalle Valo 2019-11-23 5736 sband = &ar->mac.sbands[status->band];
d5c65159f28953 Kalle Valo 2019-11-23 5737
d5c65159f28953 Kalle Valo 2019-11-23 5738 status->freq = ieee80211_channel_to_frequency(rx_ev.channel,
d5c65159f28953 Kalle Valo 2019-11-23 5739 status->band);
d5c65159f28953 Kalle Valo 2019-11-23 @5740 status->signal = rx_ev.snr + ATH11K_DEFAULT_NOISE_FLOOR;
d5c65159f28953 Kalle Valo 2019-11-23 5741 status->rate_idx = ath11k_mac_bitrate_to_idx(sband, rx_ev.rate / 100);
d5c65159f28953 Kalle Valo 2019-11-23 5742
d5c65159f28953 Kalle Valo 2019-11-23 5743 hdr = (struct ieee80211_hdr *)skb->data;
d5c65159f28953 Kalle Valo 2019-11-23 5744 fc = le16_to_cpu(hdr->frame_control);
d5c65159f28953 Kalle Valo 2019-11-23 5745
d5c65159f28953 Kalle Valo 2019-11-23 5746 /* Firmware is guaranteed to report all essential management frames via
d5c65159f28953 Kalle Valo 2019-11-23 5747 * WMI while it can deliver some extra via HTT. Since there can be
d5c65159f28953 Kalle Valo 2019-11-23 5748 * duplicates split the reporting wrt monitor/sniffing.
d5c65159f28953 Kalle Valo 2019-11-23 5749 */
d5c65159f28953 Kalle Valo 2019-11-23 5750 status->flag |= RX_FLAG_SKIP_MONITOR;
d5c65159f28953 Kalle Valo 2019-11-23 5751
d5c65159f28953 Kalle Valo 2019-11-23 5752 /* In case of PMF, FW delivers decrypted frames with Protected Bit set.
d5c65159f28953 Kalle Valo 2019-11-23 5753 * Don't clear that. Also, FW delivers broadcast management frames
d5c65159f28953 Kalle Valo 2019-11-23 5754 * (ex: group privacy action frames in mesh) as encrypted payload.
d5c65159f28953 Kalle Valo 2019-11-23 5755 */
d5c65159f28953 Kalle Valo 2019-11-23 5756 if (ieee80211_has_protected(hdr->frame_control) &&
d5c65159f28953 Kalle Valo 2019-11-23 5757 !is_multicast_ether_addr(ieee80211_get_DA(hdr))) {
d5c65159f28953 Kalle Valo 2019-11-23 5758 status->flag |= RX_FLAG_DECRYPTED;
d5c65159f28953 Kalle Valo 2019-11-23 5759
d5c65159f28953 Kalle Valo 2019-11-23 5760 if (!ieee80211_is_robust_mgmt_frame(skb)) {
d5c65159f28953 Kalle Valo 2019-11-23 5761 status->flag |= RX_FLAG_IV_STRIPPED |
d5c65159f28953 Kalle Valo 2019-11-23 5762 RX_FLAG_MMIC_STRIPPED;
d5c65159f28953 Kalle Valo 2019-11-23 5763 hdr->frame_control = __cpu_to_le16(fc &
d5c65159f28953 Kalle Valo 2019-11-23 5764 ~IEEE80211_FCTL_PROTECTED);
d5c65159f28953 Kalle Valo 2019-11-23 5765 }
d5c65159f28953 Kalle Valo 2019-11-23 5766 }
d5c65159f28953 Kalle Valo 2019-11-23 5767
d5c65159f28953 Kalle Valo 2019-11-23 5768 /* TODO: Pending handle beacon implementation
d5c65159f28953 Kalle Valo 2019-11-23 5769 *if (ieee80211_is_beacon(hdr->frame_control))
d5c65159f28953 Kalle Valo 2019-11-23 5770 * ath11k_mac_handle_beacon(ar, skb);
d5c65159f28953 Kalle Valo 2019-11-23 5771 */
d5c65159f28953 Kalle Valo 2019-11-23 5772
d5c65159f28953 Kalle Valo 2019-11-23 5773 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f28953 Kalle Valo 2019-11-23 5774 "event mgmt rx skb %pK len %d ftype %02x stype %02x\n",
d5c65159f28953 Kalle Valo 2019-11-23 5775 skb, skb->len,
d5c65159f28953 Kalle Valo 2019-11-23 5776 fc & IEEE80211_FCTL_FTYPE, fc & IEEE80211_FCTL_STYPE);
d5c65159f28953 Kalle Valo 2019-11-23 5777
d5c65159f28953 Kalle Valo 2019-11-23 5778 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f28953 Kalle Valo 2019-11-23 5779 "event mgmt rx freq %d band %d snr %d, rate_idx %d\n",
d5c65159f28953 Kalle Valo 2019-11-23 5780 status->freq, status->band, status->signal,
d5c65159f28953 Kalle Valo 2019-11-23 5781 status->rate_idx);
d5c65159f28953 Kalle Valo 2019-11-23 5782
d5c65159f28953 Kalle Valo 2019-11-23 5783 ieee80211_rx_ni(ar->hw, skb);
d5c65159f28953 Kalle Valo 2019-11-23 5784
d5c65159f28953 Kalle Valo 2019-11-23 5785 exit:
d5c65159f28953 Kalle Valo 2019-11-23 5786 rcu_read_unlock();
d5c65159f28953 Kalle Valo 2019-11-23 5787 }
d5c65159f28953 Kalle Valo 2019-11-23 5788
:::::: The code at line 5740 was first introduced by commit
:::::: d5c65159f2895379e11ca13f62feabe93278985d ath11k: driver for Qualcomm IEEE 802.11ax devices
:::::: TO: Kalle Valo <kvalo@codeaurora.org>
:::::: CC: Kalle Valo <kvalo@codeaurora.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 36894 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
@ 2021-05-18 19:33 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2021-05-18 19:33 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 11976 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Carl Huang <cjhuang@codeaurora.org>
CC: Kalle Valo <kvalo@codeaurora.org>
Hi Carl,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 8ac91e6c6033ebc12c5c1e4aa171b81a662bd70f
commit: 322b60ceb0f321b4b9c41717f7306c0dbaf0279b ath11k: do not depend on ARCH_QCOM for ath11k
date: 9 months ago
:::::: branch date: 27 hours ago
:::::: commit date: 9 months ago
config: openrisc-randconfig-m031-20210518 (attached as .config)
compiler: or1k-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
drivers/net/wireless/ath/ath11k/htc.c:266 ath11k_htc_rx_completion_handler() warn: potential spectre issue 'htc->endpoint' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1527 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.umac_ring_bp_stats' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1534 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.lmac_ring_bp_stats' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1534 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.lmac_ring_bp_stats[ring_id]' [r] (local cap)
vim +5740 drivers/net/wireless/ath/ath11k/wmi.c
d5c65159f28953 Kalle Valo 2019-11-23 5675
d5c65159f28953 Kalle Valo 2019-11-23 5676 static void ath11k_mgmt_rx_event(struct ath11k_base *ab, struct sk_buff *skb)
d5c65159f28953 Kalle Valo 2019-11-23 5677 {
d5c65159f28953 Kalle Valo 2019-11-23 5678 struct mgmt_rx_event_params rx_ev = {0};
d5c65159f28953 Kalle Valo 2019-11-23 5679 struct ath11k *ar;
d5c65159f28953 Kalle Valo 2019-11-23 5680 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5681 struct ieee80211_hdr *hdr;
d5c65159f28953 Kalle Valo 2019-11-23 5682 u16 fc;
d5c65159f28953 Kalle Valo 2019-11-23 5683 struct ieee80211_supported_band *sband;
d5c65159f28953 Kalle Valo 2019-11-23 5684
d5c65159f28953 Kalle Valo 2019-11-23 5685 if (ath11k_pull_mgmt_rx_params_tlv(ab, skb, &rx_ev) != 0) {
d5c65159f28953 Kalle Valo 2019-11-23 5686 ath11k_warn(ab, "failed to extract mgmt rx event");
d5c65159f28953 Kalle Valo 2019-11-23 5687 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5688 return;
d5c65159f28953 Kalle Valo 2019-11-23 5689 }
d5c65159f28953 Kalle Valo 2019-11-23 5690
d5c65159f28953 Kalle Valo 2019-11-23 5691 memset(status, 0, sizeof(*status));
d5c65159f28953 Kalle Valo 2019-11-23 5692
d5c65159f28953 Kalle Valo 2019-11-23 5693 ath11k_dbg(ab, ATH11K_DBG_MGMT, "mgmt rx event status %08x\n",
d5c65159f28953 Kalle Valo 2019-11-23 5694 rx_ev.status);
d5c65159f28953 Kalle Valo 2019-11-23 5695
d5c65159f28953 Kalle Valo 2019-11-23 5696 rcu_read_lock();
d5c65159f28953 Kalle Valo 2019-11-23 5697 ar = ath11k_mac_get_ar_by_pdev_id(ab, rx_ev.pdev_id);
d5c65159f28953 Kalle Valo 2019-11-23 5698
d5c65159f28953 Kalle Valo 2019-11-23 5699 if (!ar) {
d5c65159f28953 Kalle Valo 2019-11-23 5700 ath11k_warn(ab, "invalid pdev_id %d in mgmt_rx_event\n",
d5c65159f28953 Kalle Valo 2019-11-23 5701 rx_ev.pdev_id);
d5c65159f28953 Kalle Valo 2019-11-23 5702 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5703 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5704 }
d5c65159f28953 Kalle Valo 2019-11-23 5705
d5c65159f28953 Kalle Valo 2019-11-23 5706 if ((test_bit(ATH11K_CAC_RUNNING, &ar->dev_flags)) ||
d5c65159f28953 Kalle Valo 2019-11-23 5707 (rx_ev.status & (WMI_RX_STATUS_ERR_DECRYPT |
d5c65159f28953 Kalle Valo 2019-11-23 5708 WMI_RX_STATUS_ERR_KEY_CACHE_MISS | WMI_RX_STATUS_ERR_CRC))) {
d5c65159f28953 Kalle Valo 2019-11-23 5709 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5710 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5711 }
d5c65159f28953 Kalle Valo 2019-11-23 5712
d5c65159f28953 Kalle Valo 2019-11-23 5713 if (rx_ev.status & WMI_RX_STATUS_ERR_MIC)
d5c65159f28953 Kalle Valo 2019-11-23 5714 status->flag |= RX_FLAG_MMIC_ERROR;
d5c65159f28953 Kalle Valo 2019-11-23 5715
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5716 if (rx_ev.chan_freq >= ATH11K_MIN_6G_FREQ) {
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5717 status->band = NL80211_BAND_6GHZ;
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5718 } else if (rx_ev.channel >= 1 && rx_ev.channel <= 14) {
d5c65159f28953 Kalle Valo 2019-11-23 5719 status->band = NL80211_BAND_2GHZ;
d5c65159f28953 Kalle Valo 2019-11-23 5720 } else if (rx_ev.channel >= 36 && rx_ev.channel <= ATH11K_MAX_5G_CHAN) {
d5c65159f28953 Kalle Valo 2019-11-23 5721 status->band = NL80211_BAND_5GHZ;
d5c65159f28953 Kalle Valo 2019-11-23 5722 } else {
d5c65159f28953 Kalle Valo 2019-11-23 5723 /* Shouldn't happen unless list of advertised channels to
d5c65159f28953 Kalle Valo 2019-11-23 5724 * mac80211 has been changed.
d5c65159f28953 Kalle Valo 2019-11-23 5725 */
d5c65159f28953 Kalle Valo 2019-11-23 5726 WARN_ON_ONCE(1);
d5c65159f28953 Kalle Valo 2019-11-23 5727 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5728 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5729 }
d5c65159f28953 Kalle Valo 2019-11-23 5730
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5731 if (rx_ev.phy_mode == MODE_11B &&
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5732 (status->band == NL80211_BAND_5GHZ || status->band == NL80211_BAND_6GHZ))
d5c65159f28953 Kalle Valo 2019-11-23 5733 ath11k_dbg(ab, ATH11K_DBG_WMI,
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5734 "wmi mgmt rx 11b (CCK) on 5/6GHz, band = %d\n", status->band);
d5c65159f28953 Kalle Valo 2019-11-23 5735
d5c65159f28953 Kalle Valo 2019-11-23 5736 sband = &ar->mac.sbands[status->band];
d5c65159f28953 Kalle Valo 2019-11-23 5737
d5c65159f28953 Kalle Valo 2019-11-23 5738 status->freq = ieee80211_channel_to_frequency(rx_ev.channel,
d5c65159f28953 Kalle Valo 2019-11-23 5739 status->band);
d5c65159f28953 Kalle Valo 2019-11-23 @5740 status->signal = rx_ev.snr + ATH11K_DEFAULT_NOISE_FLOOR;
d5c65159f28953 Kalle Valo 2019-11-23 5741 status->rate_idx = ath11k_mac_bitrate_to_idx(sband, rx_ev.rate / 100);
d5c65159f28953 Kalle Valo 2019-11-23 5742
d5c65159f28953 Kalle Valo 2019-11-23 5743 hdr = (struct ieee80211_hdr *)skb->data;
d5c65159f28953 Kalle Valo 2019-11-23 5744 fc = le16_to_cpu(hdr->frame_control);
d5c65159f28953 Kalle Valo 2019-11-23 5745
d5c65159f28953 Kalle Valo 2019-11-23 5746 /* Firmware is guaranteed to report all essential management frames via
d5c65159f28953 Kalle Valo 2019-11-23 5747 * WMI while it can deliver some extra via HTT. Since there can be
d5c65159f28953 Kalle Valo 2019-11-23 5748 * duplicates split the reporting wrt monitor/sniffing.
d5c65159f28953 Kalle Valo 2019-11-23 5749 */
d5c65159f28953 Kalle Valo 2019-11-23 5750 status->flag |= RX_FLAG_SKIP_MONITOR;
d5c65159f28953 Kalle Valo 2019-11-23 5751
d5c65159f28953 Kalle Valo 2019-11-23 5752 /* In case of PMF, FW delivers decrypted frames with Protected Bit set.
d5c65159f28953 Kalle Valo 2019-11-23 5753 * Don't clear that. Also, FW delivers broadcast management frames
d5c65159f28953 Kalle Valo 2019-11-23 5754 * (ex: group privacy action frames in mesh) as encrypted payload.
d5c65159f28953 Kalle Valo 2019-11-23 5755 */
d5c65159f28953 Kalle Valo 2019-11-23 5756 if (ieee80211_has_protected(hdr->frame_control) &&
d5c65159f28953 Kalle Valo 2019-11-23 5757 !is_multicast_ether_addr(ieee80211_get_DA(hdr))) {
d5c65159f28953 Kalle Valo 2019-11-23 5758 status->flag |= RX_FLAG_DECRYPTED;
d5c65159f28953 Kalle Valo 2019-11-23 5759
d5c65159f28953 Kalle Valo 2019-11-23 5760 if (!ieee80211_is_robust_mgmt_frame(skb)) {
d5c65159f28953 Kalle Valo 2019-11-23 5761 status->flag |= RX_FLAG_IV_STRIPPED |
d5c65159f28953 Kalle Valo 2019-11-23 5762 RX_FLAG_MMIC_STRIPPED;
d5c65159f28953 Kalle Valo 2019-11-23 5763 hdr->frame_control = __cpu_to_le16(fc &
d5c65159f28953 Kalle Valo 2019-11-23 5764 ~IEEE80211_FCTL_PROTECTED);
d5c65159f28953 Kalle Valo 2019-11-23 5765 }
d5c65159f28953 Kalle Valo 2019-11-23 5766 }
d5c65159f28953 Kalle Valo 2019-11-23 5767
d5c65159f28953 Kalle Valo 2019-11-23 5768 /* TODO: Pending handle beacon implementation
d5c65159f28953 Kalle Valo 2019-11-23 5769 *if (ieee80211_is_beacon(hdr->frame_control))
d5c65159f28953 Kalle Valo 2019-11-23 5770 * ath11k_mac_handle_beacon(ar, skb);
d5c65159f28953 Kalle Valo 2019-11-23 5771 */
d5c65159f28953 Kalle Valo 2019-11-23 5772
d5c65159f28953 Kalle Valo 2019-11-23 5773 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f28953 Kalle Valo 2019-11-23 5774 "event mgmt rx skb %pK len %d ftype %02x stype %02x\n",
d5c65159f28953 Kalle Valo 2019-11-23 5775 skb, skb->len,
d5c65159f28953 Kalle Valo 2019-11-23 5776 fc & IEEE80211_FCTL_FTYPE, fc & IEEE80211_FCTL_STYPE);
d5c65159f28953 Kalle Valo 2019-11-23 5777
d5c65159f28953 Kalle Valo 2019-11-23 5778 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f28953 Kalle Valo 2019-11-23 5779 "event mgmt rx freq %d band %d snr %d, rate_idx %d\n",
d5c65159f28953 Kalle Valo 2019-11-23 5780 status->freq, status->band, status->signal,
d5c65159f28953 Kalle Valo 2019-11-23 5781 status->rate_idx);
d5c65159f28953 Kalle Valo 2019-11-23 5782
d5c65159f28953 Kalle Valo 2019-11-23 5783 ieee80211_rx_ni(ar->hw, skb);
d5c65159f28953 Kalle Valo 2019-11-23 5784
d5c65159f28953 Kalle Valo 2019-11-23 5785 exit:
d5c65159f28953 Kalle Valo 2019-11-23 5786 rcu_read_unlock();
d5c65159f28953 Kalle Valo 2019-11-23 5787 }
d5c65159f28953 Kalle Valo 2019-11-23 5788
:::::: The code at line 5740 was first introduced by commit
:::::: d5c65159f2895379e11ca13f62feabe93278985d ath11k: driver for Qualcomm IEEE 802.11ax devices
:::::: TO: Kalle Valo <kvalo@codeaurora.org>
:::::: CC: Kalle Valo <kvalo@codeaurora.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 21865 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
@ 2021-03-20 18:08 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2021-03-20 18:08 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 11837 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Carl Huang <cjhuang@codeaurora.org>
CC: Kalle Valo <kvalo@codeaurora.org>
Hi Carl,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 1c273e10bc0cc7efb933e0ca10e260cdfc9f0b8c
commit: 322b60ceb0f321b4b9c41717f7306c0dbaf0279b ath11k: do not depend on ARCH_QCOM for ath11k
date: 7 months ago
:::::: branch date: 18 hours ago
:::::: commit date: 7 months ago
config: x86_64-randconfig-m001-20210320 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
drivers/net/wireless/ath/ath11k/dp_rx.c:1527 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.umac_ring_bp_stats' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1534 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.lmac_ring_bp_stats' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1534 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.lmac_ring_bp_stats[ring_id]' [r] (local cap)
vim +5740 drivers/net/wireless/ath/ath11k/wmi.c
d5c65159f28953 Kalle Valo 2019-11-23 5675
d5c65159f28953 Kalle Valo 2019-11-23 5676 static void ath11k_mgmt_rx_event(struct ath11k_base *ab, struct sk_buff *skb)
d5c65159f28953 Kalle Valo 2019-11-23 5677 {
d5c65159f28953 Kalle Valo 2019-11-23 5678 struct mgmt_rx_event_params rx_ev = {0};
d5c65159f28953 Kalle Valo 2019-11-23 5679 struct ath11k *ar;
d5c65159f28953 Kalle Valo 2019-11-23 5680 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5681 struct ieee80211_hdr *hdr;
d5c65159f28953 Kalle Valo 2019-11-23 5682 u16 fc;
d5c65159f28953 Kalle Valo 2019-11-23 5683 struct ieee80211_supported_band *sband;
d5c65159f28953 Kalle Valo 2019-11-23 5684
d5c65159f28953 Kalle Valo 2019-11-23 5685 if (ath11k_pull_mgmt_rx_params_tlv(ab, skb, &rx_ev) != 0) {
d5c65159f28953 Kalle Valo 2019-11-23 5686 ath11k_warn(ab, "failed to extract mgmt rx event");
d5c65159f28953 Kalle Valo 2019-11-23 5687 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5688 return;
d5c65159f28953 Kalle Valo 2019-11-23 5689 }
d5c65159f28953 Kalle Valo 2019-11-23 5690
d5c65159f28953 Kalle Valo 2019-11-23 5691 memset(status, 0, sizeof(*status));
d5c65159f28953 Kalle Valo 2019-11-23 5692
d5c65159f28953 Kalle Valo 2019-11-23 5693 ath11k_dbg(ab, ATH11K_DBG_MGMT, "mgmt rx event status %08x\n",
d5c65159f28953 Kalle Valo 2019-11-23 5694 rx_ev.status);
d5c65159f28953 Kalle Valo 2019-11-23 5695
d5c65159f28953 Kalle Valo 2019-11-23 5696 rcu_read_lock();
d5c65159f28953 Kalle Valo 2019-11-23 5697 ar = ath11k_mac_get_ar_by_pdev_id(ab, rx_ev.pdev_id);
d5c65159f28953 Kalle Valo 2019-11-23 5698
d5c65159f28953 Kalle Valo 2019-11-23 5699 if (!ar) {
d5c65159f28953 Kalle Valo 2019-11-23 5700 ath11k_warn(ab, "invalid pdev_id %d in mgmt_rx_event\n",
d5c65159f28953 Kalle Valo 2019-11-23 5701 rx_ev.pdev_id);
d5c65159f28953 Kalle Valo 2019-11-23 5702 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5703 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5704 }
d5c65159f28953 Kalle Valo 2019-11-23 5705
d5c65159f28953 Kalle Valo 2019-11-23 5706 if ((test_bit(ATH11K_CAC_RUNNING, &ar->dev_flags)) ||
d5c65159f28953 Kalle Valo 2019-11-23 5707 (rx_ev.status & (WMI_RX_STATUS_ERR_DECRYPT |
d5c65159f28953 Kalle Valo 2019-11-23 5708 WMI_RX_STATUS_ERR_KEY_CACHE_MISS | WMI_RX_STATUS_ERR_CRC))) {
d5c65159f28953 Kalle Valo 2019-11-23 5709 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5710 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5711 }
d5c65159f28953 Kalle Valo 2019-11-23 5712
d5c65159f28953 Kalle Valo 2019-11-23 5713 if (rx_ev.status & WMI_RX_STATUS_ERR_MIC)
d5c65159f28953 Kalle Valo 2019-11-23 5714 status->flag |= RX_FLAG_MMIC_ERROR;
d5c65159f28953 Kalle Valo 2019-11-23 5715
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5716 if (rx_ev.chan_freq >= ATH11K_MIN_6G_FREQ) {
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5717 status->band = NL80211_BAND_6GHZ;
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5718 } else if (rx_ev.channel >= 1 && rx_ev.channel <= 14) {
d5c65159f28953 Kalle Valo 2019-11-23 5719 status->band = NL80211_BAND_2GHZ;
d5c65159f28953 Kalle Valo 2019-11-23 5720 } else if (rx_ev.channel >= 36 && rx_ev.channel <= ATH11K_MAX_5G_CHAN) {
d5c65159f28953 Kalle Valo 2019-11-23 5721 status->band = NL80211_BAND_5GHZ;
d5c65159f28953 Kalle Valo 2019-11-23 5722 } else {
d5c65159f28953 Kalle Valo 2019-11-23 5723 /* Shouldn't happen unless list of advertised channels to
d5c65159f28953 Kalle Valo 2019-11-23 5724 * mac80211 has been changed.
d5c65159f28953 Kalle Valo 2019-11-23 5725 */
d5c65159f28953 Kalle Valo 2019-11-23 5726 WARN_ON_ONCE(1);
d5c65159f28953 Kalle Valo 2019-11-23 5727 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5728 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5729 }
d5c65159f28953 Kalle Valo 2019-11-23 5730
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5731 if (rx_ev.phy_mode == MODE_11B &&
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5732 (status->band == NL80211_BAND_5GHZ || status->band == NL80211_BAND_6GHZ))
d5c65159f28953 Kalle Valo 2019-11-23 5733 ath11k_dbg(ab, ATH11K_DBG_WMI,
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5734 "wmi mgmt rx 11b (CCK) on 5/6GHz, band = %d\n", status->band);
d5c65159f28953 Kalle Valo 2019-11-23 5735
d5c65159f28953 Kalle Valo 2019-11-23 5736 sband = &ar->mac.sbands[status->band];
d5c65159f28953 Kalle Valo 2019-11-23 5737
d5c65159f28953 Kalle Valo 2019-11-23 5738 status->freq = ieee80211_channel_to_frequency(rx_ev.channel,
d5c65159f28953 Kalle Valo 2019-11-23 5739 status->band);
d5c65159f28953 Kalle Valo 2019-11-23 @5740 status->signal = rx_ev.snr + ATH11K_DEFAULT_NOISE_FLOOR;
d5c65159f28953 Kalle Valo 2019-11-23 5741 status->rate_idx = ath11k_mac_bitrate_to_idx(sband, rx_ev.rate / 100);
d5c65159f28953 Kalle Valo 2019-11-23 5742
d5c65159f28953 Kalle Valo 2019-11-23 5743 hdr = (struct ieee80211_hdr *)skb->data;
d5c65159f28953 Kalle Valo 2019-11-23 5744 fc = le16_to_cpu(hdr->frame_control);
d5c65159f28953 Kalle Valo 2019-11-23 5745
d5c65159f28953 Kalle Valo 2019-11-23 5746 /* Firmware is guaranteed to report all essential management frames via
d5c65159f28953 Kalle Valo 2019-11-23 5747 * WMI while it can deliver some extra via HTT. Since there can be
d5c65159f28953 Kalle Valo 2019-11-23 5748 * duplicates split the reporting wrt monitor/sniffing.
d5c65159f28953 Kalle Valo 2019-11-23 5749 */
d5c65159f28953 Kalle Valo 2019-11-23 5750 status->flag |= RX_FLAG_SKIP_MONITOR;
d5c65159f28953 Kalle Valo 2019-11-23 5751
d5c65159f28953 Kalle Valo 2019-11-23 5752 /* In case of PMF, FW delivers decrypted frames with Protected Bit set.
d5c65159f28953 Kalle Valo 2019-11-23 5753 * Don't clear that. Also, FW delivers broadcast management frames
d5c65159f28953 Kalle Valo 2019-11-23 5754 * (ex: group privacy action frames in mesh) as encrypted payload.
d5c65159f28953 Kalle Valo 2019-11-23 5755 */
d5c65159f28953 Kalle Valo 2019-11-23 5756 if (ieee80211_has_protected(hdr->frame_control) &&
d5c65159f28953 Kalle Valo 2019-11-23 5757 !is_multicast_ether_addr(ieee80211_get_DA(hdr))) {
d5c65159f28953 Kalle Valo 2019-11-23 5758 status->flag |= RX_FLAG_DECRYPTED;
d5c65159f28953 Kalle Valo 2019-11-23 5759
d5c65159f28953 Kalle Valo 2019-11-23 5760 if (!ieee80211_is_robust_mgmt_frame(skb)) {
d5c65159f28953 Kalle Valo 2019-11-23 5761 status->flag |= RX_FLAG_IV_STRIPPED |
d5c65159f28953 Kalle Valo 2019-11-23 5762 RX_FLAG_MMIC_STRIPPED;
d5c65159f28953 Kalle Valo 2019-11-23 5763 hdr->frame_control = __cpu_to_le16(fc &
d5c65159f28953 Kalle Valo 2019-11-23 5764 ~IEEE80211_FCTL_PROTECTED);
d5c65159f28953 Kalle Valo 2019-11-23 5765 }
d5c65159f28953 Kalle Valo 2019-11-23 5766 }
d5c65159f28953 Kalle Valo 2019-11-23 5767
d5c65159f28953 Kalle Valo 2019-11-23 5768 /* TODO: Pending handle beacon implementation
d5c65159f28953 Kalle Valo 2019-11-23 5769 *if (ieee80211_is_beacon(hdr->frame_control))
d5c65159f28953 Kalle Valo 2019-11-23 5770 * ath11k_mac_handle_beacon(ar, skb);
d5c65159f28953 Kalle Valo 2019-11-23 5771 */
d5c65159f28953 Kalle Valo 2019-11-23 5772
d5c65159f28953 Kalle Valo 2019-11-23 5773 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f28953 Kalle Valo 2019-11-23 5774 "event mgmt rx skb %pK len %d ftype %02x stype %02x\n",
d5c65159f28953 Kalle Valo 2019-11-23 5775 skb, skb->len,
d5c65159f28953 Kalle Valo 2019-11-23 5776 fc & IEEE80211_FCTL_FTYPE, fc & IEEE80211_FCTL_STYPE);
d5c65159f28953 Kalle Valo 2019-11-23 5777
d5c65159f28953 Kalle Valo 2019-11-23 5778 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f28953 Kalle Valo 2019-11-23 5779 "event mgmt rx freq %d band %d snr %d, rate_idx %d\n",
d5c65159f28953 Kalle Valo 2019-11-23 5780 status->freq, status->band, status->signal,
d5c65159f28953 Kalle Valo 2019-11-23 5781 status->rate_idx);
d5c65159f28953 Kalle Valo 2019-11-23 5782
d5c65159f28953 Kalle Valo 2019-11-23 5783 ieee80211_rx_ni(ar->hw, skb);
d5c65159f28953 Kalle Valo 2019-11-23 5784
d5c65159f28953 Kalle Valo 2019-11-23 5785 exit:
d5c65159f28953 Kalle Valo 2019-11-23 5786 rcu_read_unlock();
d5c65159f28953 Kalle Valo 2019-11-23 5787 }
d5c65159f28953 Kalle Valo 2019-11-23 5788
:::::: The code at line 5740 was first introduced by commit
:::::: d5c65159f2895379e11ca13f62feabe93278985d ath11k: driver for Qualcomm IEEE 802.11ax devices
:::::: TO: Kalle Valo <kvalo@codeaurora.org>
:::::: CC: Kalle Valo <kvalo@codeaurora.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 39310 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
@ 2021-02-27 21:14 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2021-02-27 21:14 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 11995 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Govind Singh <govinds@codeaurora.org>
CC: Kalle Valo <kvalo@codeaurora.org>
Hi Govind,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 5695e51619745d4fe3ec2506a2f0cd982c5e27a4
commit: 1ff8ed786d5d8ed6d109affe6d732dfc85a45b2e ath11k: use remoteproc only with AHB devices
date: 6 months ago
:::::: branch date: 5 hours ago
:::::: commit date: 6 months ago
config: x86_64-randconfig-m001-20210228 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
drivers/net/wireless/ath/ath11k/dp_rx.c:1527 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.umac_ring_bp_stats' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1534 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.lmac_ring_bp_stats' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1534 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.lmac_ring_bp_stats[ring_id]' [r] (local cap)
Old smatch warnings:
drivers/net/wireless/ath/ath11k/dp_rx.c:1072 ath11k_dp_peer_rx_pn_replay_config() warn: inconsistent returns '&ab->base_lock'.
vim +5740 drivers/net/wireless/ath/ath11k/wmi.c
d5c65159f28953 Kalle Valo 2019-11-23 5675
d5c65159f28953 Kalle Valo 2019-11-23 5676 static void ath11k_mgmt_rx_event(struct ath11k_base *ab, struct sk_buff *skb)
d5c65159f28953 Kalle Valo 2019-11-23 5677 {
d5c65159f28953 Kalle Valo 2019-11-23 5678 struct mgmt_rx_event_params rx_ev = {0};
d5c65159f28953 Kalle Valo 2019-11-23 5679 struct ath11k *ar;
d5c65159f28953 Kalle Valo 2019-11-23 5680 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5681 struct ieee80211_hdr *hdr;
d5c65159f28953 Kalle Valo 2019-11-23 5682 u16 fc;
d5c65159f28953 Kalle Valo 2019-11-23 5683 struct ieee80211_supported_band *sband;
d5c65159f28953 Kalle Valo 2019-11-23 5684
d5c65159f28953 Kalle Valo 2019-11-23 5685 if (ath11k_pull_mgmt_rx_params_tlv(ab, skb, &rx_ev) != 0) {
d5c65159f28953 Kalle Valo 2019-11-23 5686 ath11k_warn(ab, "failed to extract mgmt rx event");
d5c65159f28953 Kalle Valo 2019-11-23 5687 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5688 return;
d5c65159f28953 Kalle Valo 2019-11-23 5689 }
d5c65159f28953 Kalle Valo 2019-11-23 5690
d5c65159f28953 Kalle Valo 2019-11-23 5691 memset(status, 0, sizeof(*status));
d5c65159f28953 Kalle Valo 2019-11-23 5692
d5c65159f28953 Kalle Valo 2019-11-23 5693 ath11k_dbg(ab, ATH11K_DBG_MGMT, "mgmt rx event status %08x\n",
d5c65159f28953 Kalle Valo 2019-11-23 5694 rx_ev.status);
d5c65159f28953 Kalle Valo 2019-11-23 5695
d5c65159f28953 Kalle Valo 2019-11-23 5696 rcu_read_lock();
d5c65159f28953 Kalle Valo 2019-11-23 5697 ar = ath11k_mac_get_ar_by_pdev_id(ab, rx_ev.pdev_id);
d5c65159f28953 Kalle Valo 2019-11-23 5698
d5c65159f28953 Kalle Valo 2019-11-23 5699 if (!ar) {
d5c65159f28953 Kalle Valo 2019-11-23 5700 ath11k_warn(ab, "invalid pdev_id %d in mgmt_rx_event\n",
d5c65159f28953 Kalle Valo 2019-11-23 5701 rx_ev.pdev_id);
d5c65159f28953 Kalle Valo 2019-11-23 5702 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5703 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5704 }
d5c65159f28953 Kalle Valo 2019-11-23 5705
d5c65159f28953 Kalle Valo 2019-11-23 5706 if ((test_bit(ATH11K_CAC_RUNNING, &ar->dev_flags)) ||
d5c65159f28953 Kalle Valo 2019-11-23 5707 (rx_ev.status & (WMI_RX_STATUS_ERR_DECRYPT |
d5c65159f28953 Kalle Valo 2019-11-23 5708 WMI_RX_STATUS_ERR_KEY_CACHE_MISS | WMI_RX_STATUS_ERR_CRC))) {
d5c65159f28953 Kalle Valo 2019-11-23 5709 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5710 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5711 }
d5c65159f28953 Kalle Valo 2019-11-23 5712
d5c65159f28953 Kalle Valo 2019-11-23 5713 if (rx_ev.status & WMI_RX_STATUS_ERR_MIC)
d5c65159f28953 Kalle Valo 2019-11-23 5714 status->flag |= RX_FLAG_MMIC_ERROR;
d5c65159f28953 Kalle Valo 2019-11-23 5715
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5716 if (rx_ev.chan_freq >= ATH11K_MIN_6G_FREQ) {
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5717 status->band = NL80211_BAND_6GHZ;
5dcf42f8b79d14 Pradeep Kumar Chitrapu 2020-06-09 5718 } else if (rx_ev.channel >= 1 && rx_ev.channel <= 14) {
d5c65159f28953 Kalle Valo 2019-11-23 5719 status->band = NL80211_BAND_2GHZ;
d5c65159f28953 Kalle Valo 2019-11-23 5720 } else if (rx_ev.channel >= 36 && rx_ev.channel <= ATH11K_MAX_5G_CHAN) {
d5c65159f28953 Kalle Valo 2019-11-23 5721 status->band = NL80211_BAND_5GHZ;
d5c65159f28953 Kalle Valo 2019-11-23 5722 } else {
d5c65159f28953 Kalle Valo 2019-11-23 5723 /* Shouldn't happen unless list of advertised channels to
d5c65159f28953 Kalle Valo 2019-11-23 5724 * mac80211 has been changed.
d5c65159f28953 Kalle Valo 2019-11-23 5725 */
d5c65159f28953 Kalle Valo 2019-11-23 5726 WARN_ON_ONCE(1);
d5c65159f28953 Kalle Valo 2019-11-23 5727 dev_kfree_skb(skb);
d5c65159f28953 Kalle Valo 2019-11-23 5728 goto exit;
d5c65159f28953 Kalle Valo 2019-11-23 5729 }
d5c65159f28953 Kalle Valo 2019-11-23 5730
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5731 if (rx_ev.phy_mode == MODE_11B &&
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5732 (status->band == NL80211_BAND_5GHZ || status->band == NL80211_BAND_6GHZ))
d5c65159f28953 Kalle Valo 2019-11-23 5733 ath11k_dbg(ab, ATH11K_DBG_WMI,
22eeadcdeab63e Pradeep Kumar Chitrapu 2020-06-09 5734 "wmi mgmt rx 11b (CCK) on 5/6GHz, band = %d\n", status->band);
d5c65159f28953 Kalle Valo 2019-11-23 5735
d5c65159f28953 Kalle Valo 2019-11-23 5736 sband = &ar->mac.sbands[status->band];
d5c65159f28953 Kalle Valo 2019-11-23 5737
d5c65159f28953 Kalle Valo 2019-11-23 5738 status->freq = ieee80211_channel_to_frequency(rx_ev.channel,
d5c65159f28953 Kalle Valo 2019-11-23 5739 status->band);
d5c65159f28953 Kalle Valo 2019-11-23 @5740 status->signal = rx_ev.snr + ATH11K_DEFAULT_NOISE_FLOOR;
d5c65159f28953 Kalle Valo 2019-11-23 5741 status->rate_idx = ath11k_mac_bitrate_to_idx(sband, rx_ev.rate / 100);
d5c65159f28953 Kalle Valo 2019-11-23 5742
d5c65159f28953 Kalle Valo 2019-11-23 5743 hdr = (struct ieee80211_hdr *)skb->data;
d5c65159f28953 Kalle Valo 2019-11-23 5744 fc = le16_to_cpu(hdr->frame_control);
d5c65159f28953 Kalle Valo 2019-11-23 5745
d5c65159f28953 Kalle Valo 2019-11-23 5746 /* Firmware is guaranteed to report all essential management frames via
d5c65159f28953 Kalle Valo 2019-11-23 5747 * WMI while it can deliver some extra via HTT. Since there can be
d5c65159f28953 Kalle Valo 2019-11-23 5748 * duplicates split the reporting wrt monitor/sniffing.
d5c65159f28953 Kalle Valo 2019-11-23 5749 */
d5c65159f28953 Kalle Valo 2019-11-23 5750 status->flag |= RX_FLAG_SKIP_MONITOR;
d5c65159f28953 Kalle Valo 2019-11-23 5751
d5c65159f28953 Kalle Valo 2019-11-23 5752 /* In case of PMF, FW delivers decrypted frames with Protected Bit set.
d5c65159f28953 Kalle Valo 2019-11-23 5753 * Don't clear that. Also, FW delivers broadcast management frames
d5c65159f28953 Kalle Valo 2019-11-23 5754 * (ex: group privacy action frames in mesh) as encrypted payload.
d5c65159f28953 Kalle Valo 2019-11-23 5755 */
d5c65159f28953 Kalle Valo 2019-11-23 5756 if (ieee80211_has_protected(hdr->frame_control) &&
d5c65159f28953 Kalle Valo 2019-11-23 5757 !is_multicast_ether_addr(ieee80211_get_DA(hdr))) {
d5c65159f28953 Kalle Valo 2019-11-23 5758 status->flag |= RX_FLAG_DECRYPTED;
d5c65159f28953 Kalle Valo 2019-11-23 5759
d5c65159f28953 Kalle Valo 2019-11-23 5760 if (!ieee80211_is_robust_mgmt_frame(skb)) {
d5c65159f28953 Kalle Valo 2019-11-23 5761 status->flag |= RX_FLAG_IV_STRIPPED |
d5c65159f28953 Kalle Valo 2019-11-23 5762 RX_FLAG_MMIC_STRIPPED;
d5c65159f28953 Kalle Valo 2019-11-23 5763 hdr->frame_control = __cpu_to_le16(fc &
d5c65159f28953 Kalle Valo 2019-11-23 5764 ~IEEE80211_FCTL_PROTECTED);
d5c65159f28953 Kalle Valo 2019-11-23 5765 }
d5c65159f28953 Kalle Valo 2019-11-23 5766 }
d5c65159f28953 Kalle Valo 2019-11-23 5767
d5c65159f28953 Kalle Valo 2019-11-23 5768 /* TODO: Pending handle beacon implementation
d5c65159f28953 Kalle Valo 2019-11-23 5769 *if (ieee80211_is_beacon(hdr->frame_control))
d5c65159f28953 Kalle Valo 2019-11-23 5770 * ath11k_mac_handle_beacon(ar, skb);
d5c65159f28953 Kalle Valo 2019-11-23 5771 */
d5c65159f28953 Kalle Valo 2019-11-23 5772
d5c65159f28953 Kalle Valo 2019-11-23 5773 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f28953 Kalle Valo 2019-11-23 5774 "event mgmt rx skb %pK len %d ftype %02x stype %02x\n",
d5c65159f28953 Kalle Valo 2019-11-23 5775 skb, skb->len,
d5c65159f28953 Kalle Valo 2019-11-23 5776 fc & IEEE80211_FCTL_FTYPE, fc & IEEE80211_FCTL_STYPE);
d5c65159f28953 Kalle Valo 2019-11-23 5777
d5c65159f28953 Kalle Valo 2019-11-23 5778 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f28953 Kalle Valo 2019-11-23 5779 "event mgmt rx freq %d band %d snr %d, rate_idx %d\n",
d5c65159f28953 Kalle Valo 2019-11-23 5780 status->freq, status->band, status->signal,
d5c65159f28953 Kalle Valo 2019-11-23 5781 status->rate_idx);
d5c65159f28953 Kalle Valo 2019-11-23 5782
d5c65159f28953 Kalle Valo 2019-11-23 5783 ieee80211_rx_ni(ar->hw, skb);
d5c65159f28953 Kalle Valo 2019-11-23 5784
d5c65159f28953 Kalle Valo 2019-11-23 5785 exit:
d5c65159f28953 Kalle Valo 2019-11-23 5786 rcu_read_unlock();
d5c65159f28953 Kalle Valo 2019-11-23 5787 }
d5c65159f28953 Kalle Valo 2019-11-23 5788
:::::: The code at line 5740 was first introduced by commit
:::::: d5c65159f2895379e11ca13f62feabe93278985d ath11k: driver for Qualcomm IEEE 802.11ax devices
:::::: TO: Kalle Valo <kvalo@codeaurora.org>
:::::: CC: Kalle Valo <kvalo@codeaurora.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 41008 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
@ 2020-11-09 13:49 kernel test robot
0 siblings, 0 replies; 6+ messages in thread
From: kernel test robot @ 2020-11-09 13:49 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 12033 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Carl Huang <cjhuang@codeaurora.org>
CC: Kalle Valo <kvalo@codeaurora.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: f8394f232b1eab649ce2df5c5f15b0e528c92091
commit: 322b60ceb0f321b4b9c41717f7306c0dbaf0279b ath11k: do not depend on ARCH_QCOM for ath11k
date: 3 months ago
:::::: branch date: 14 hours ago
:::::: commit date: 3 months ago
config: h8300-randconfig-m031-20201109 (attached as .config)
compiler: h8300-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal'
drivers/net/wireless/ath/ath11k/htc.c:266 ath11k_htc_rx_completion_handler() warn: potential spectre issue 'htc->endpoint' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1527 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.umac_ring_bp_stats' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1534 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.lmac_ring_bp_stats' [r] (local cap)
drivers/net/wireless/ath/ath11k/dp_rx.c:1534 ath11k_htt_backpressure_event_handler() warn: potential spectre issue 'ab->soc_stats.bp_stats.lmac_ring_bp_stats[ring_id]' [r] (local cap)
vim +5740 drivers/net/wireless/ath/ath11k/wmi.c
d5c65159f289537 Kalle Valo 2019-11-23 5675
d5c65159f289537 Kalle Valo 2019-11-23 5676 static void ath11k_mgmt_rx_event(struct ath11k_base *ab, struct sk_buff *skb)
d5c65159f289537 Kalle Valo 2019-11-23 5677 {
d5c65159f289537 Kalle Valo 2019-11-23 5678 struct mgmt_rx_event_params rx_ev = {0};
d5c65159f289537 Kalle Valo 2019-11-23 5679 struct ath11k *ar;
d5c65159f289537 Kalle Valo 2019-11-23 5680 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5681 struct ieee80211_hdr *hdr;
d5c65159f289537 Kalle Valo 2019-11-23 5682 u16 fc;
d5c65159f289537 Kalle Valo 2019-11-23 5683 struct ieee80211_supported_band *sband;
d5c65159f289537 Kalle Valo 2019-11-23 5684
d5c65159f289537 Kalle Valo 2019-11-23 5685 if (ath11k_pull_mgmt_rx_params_tlv(ab, skb, &rx_ev) != 0) {
d5c65159f289537 Kalle Valo 2019-11-23 5686 ath11k_warn(ab, "failed to extract mgmt rx event");
d5c65159f289537 Kalle Valo 2019-11-23 5687 dev_kfree_skb(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5688 return;
d5c65159f289537 Kalle Valo 2019-11-23 5689 }
d5c65159f289537 Kalle Valo 2019-11-23 5690
d5c65159f289537 Kalle Valo 2019-11-23 5691 memset(status, 0, sizeof(*status));
d5c65159f289537 Kalle Valo 2019-11-23 5692
d5c65159f289537 Kalle Valo 2019-11-23 5693 ath11k_dbg(ab, ATH11K_DBG_MGMT, "mgmt rx event status %08x\n",
d5c65159f289537 Kalle Valo 2019-11-23 5694 rx_ev.status);
d5c65159f289537 Kalle Valo 2019-11-23 5695
d5c65159f289537 Kalle Valo 2019-11-23 5696 rcu_read_lock();
d5c65159f289537 Kalle Valo 2019-11-23 5697 ar = ath11k_mac_get_ar_by_pdev_id(ab, rx_ev.pdev_id);
d5c65159f289537 Kalle Valo 2019-11-23 5698
d5c65159f289537 Kalle Valo 2019-11-23 5699 if (!ar) {
d5c65159f289537 Kalle Valo 2019-11-23 5700 ath11k_warn(ab, "invalid pdev_id %d in mgmt_rx_event\n",
d5c65159f289537 Kalle Valo 2019-11-23 5701 rx_ev.pdev_id);
d5c65159f289537 Kalle Valo 2019-11-23 5702 dev_kfree_skb(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5703 goto exit;
d5c65159f289537 Kalle Valo 2019-11-23 5704 }
d5c65159f289537 Kalle Valo 2019-11-23 5705
d5c65159f289537 Kalle Valo 2019-11-23 5706 if ((test_bit(ATH11K_CAC_RUNNING, &ar->dev_flags)) ||
d5c65159f289537 Kalle Valo 2019-11-23 5707 (rx_ev.status & (WMI_RX_STATUS_ERR_DECRYPT |
d5c65159f289537 Kalle Valo 2019-11-23 5708 WMI_RX_STATUS_ERR_KEY_CACHE_MISS | WMI_RX_STATUS_ERR_CRC))) {
d5c65159f289537 Kalle Valo 2019-11-23 5709 dev_kfree_skb(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5710 goto exit;
d5c65159f289537 Kalle Valo 2019-11-23 5711 }
d5c65159f289537 Kalle Valo 2019-11-23 5712
d5c65159f289537 Kalle Valo 2019-11-23 5713 if (rx_ev.status & WMI_RX_STATUS_ERR_MIC)
d5c65159f289537 Kalle Valo 2019-11-23 5714 status->flag |= RX_FLAG_MMIC_ERROR;
d5c65159f289537 Kalle Valo 2019-11-23 5715
5dcf42f8b79d141 Pradeep Kumar Chitrapu 2020-06-09 5716 if (rx_ev.chan_freq >= ATH11K_MIN_6G_FREQ) {
5dcf42f8b79d141 Pradeep Kumar Chitrapu 2020-06-09 5717 status->band = NL80211_BAND_6GHZ;
5dcf42f8b79d141 Pradeep Kumar Chitrapu 2020-06-09 5718 } else if (rx_ev.channel >= 1 && rx_ev.channel <= 14) {
d5c65159f289537 Kalle Valo 2019-11-23 5719 status->band = NL80211_BAND_2GHZ;
d5c65159f289537 Kalle Valo 2019-11-23 5720 } else if (rx_ev.channel >= 36 && rx_ev.channel <= ATH11K_MAX_5G_CHAN) {
d5c65159f289537 Kalle Valo 2019-11-23 5721 status->band = NL80211_BAND_5GHZ;
d5c65159f289537 Kalle Valo 2019-11-23 5722 } else {
d5c65159f289537 Kalle Valo 2019-11-23 5723 /* Shouldn't happen unless list of advertised channels to
d5c65159f289537 Kalle Valo 2019-11-23 5724 * mac80211 has been changed.
d5c65159f289537 Kalle Valo 2019-11-23 5725 */
d5c65159f289537 Kalle Valo 2019-11-23 5726 WARN_ON_ONCE(1);
d5c65159f289537 Kalle Valo 2019-11-23 5727 dev_kfree_skb(skb);
d5c65159f289537 Kalle Valo 2019-11-23 5728 goto exit;
d5c65159f289537 Kalle Valo 2019-11-23 5729 }
d5c65159f289537 Kalle Valo 2019-11-23 5730
22eeadcdeab63e8 Pradeep Kumar Chitrapu 2020-06-09 5731 if (rx_ev.phy_mode == MODE_11B &&
22eeadcdeab63e8 Pradeep Kumar Chitrapu 2020-06-09 5732 (status->band == NL80211_BAND_5GHZ || status->band == NL80211_BAND_6GHZ))
d5c65159f289537 Kalle Valo 2019-11-23 5733 ath11k_dbg(ab, ATH11K_DBG_WMI,
22eeadcdeab63e8 Pradeep Kumar Chitrapu 2020-06-09 5734 "wmi mgmt rx 11b (CCK) on 5/6GHz, band = %d\n", status->band);
d5c65159f289537 Kalle Valo 2019-11-23 5735
d5c65159f289537 Kalle Valo 2019-11-23 5736 sband = &ar->mac.sbands[status->band];
d5c65159f289537 Kalle Valo 2019-11-23 5737
d5c65159f289537 Kalle Valo 2019-11-23 5738 status->freq = ieee80211_channel_to_frequency(rx_ev.channel,
d5c65159f289537 Kalle Valo 2019-11-23 5739 status->band);
d5c65159f289537 Kalle Valo 2019-11-23 @5740 status->signal = rx_ev.snr + ATH11K_DEFAULT_NOISE_FLOOR;
d5c65159f289537 Kalle Valo 2019-11-23 5741 status->rate_idx = ath11k_mac_bitrate_to_idx(sband, rx_ev.rate / 100);
d5c65159f289537 Kalle Valo 2019-11-23 5742
d5c65159f289537 Kalle Valo 2019-11-23 5743 hdr = (struct ieee80211_hdr *)skb->data;
d5c65159f289537 Kalle Valo 2019-11-23 5744 fc = le16_to_cpu(hdr->frame_control);
d5c65159f289537 Kalle Valo 2019-11-23 5745
d5c65159f289537 Kalle Valo 2019-11-23 5746 /* Firmware is guaranteed to report all essential management frames via
d5c65159f289537 Kalle Valo 2019-11-23 5747 * WMI while it can deliver some extra via HTT. Since there can be
d5c65159f289537 Kalle Valo 2019-11-23 5748 * duplicates split the reporting wrt monitor/sniffing.
d5c65159f289537 Kalle Valo 2019-11-23 5749 */
d5c65159f289537 Kalle Valo 2019-11-23 5750 status->flag |= RX_FLAG_SKIP_MONITOR;
d5c65159f289537 Kalle Valo 2019-11-23 5751
d5c65159f289537 Kalle Valo 2019-11-23 5752 /* In case of PMF, FW delivers decrypted frames with Protected Bit set.
d5c65159f289537 Kalle Valo 2019-11-23 5753 * Don't clear that. Also, FW delivers broadcast management frames
d5c65159f289537 Kalle Valo 2019-11-23 5754 * (ex: group privacy action frames in mesh) as encrypted payload.
d5c65159f289537 Kalle Valo 2019-11-23 5755 */
d5c65159f289537 Kalle Valo 2019-11-23 5756 if (ieee80211_has_protected(hdr->frame_control) &&
d5c65159f289537 Kalle Valo 2019-11-23 5757 !is_multicast_ether_addr(ieee80211_get_DA(hdr))) {
d5c65159f289537 Kalle Valo 2019-11-23 5758 status->flag |= RX_FLAG_DECRYPTED;
d5c65159f289537 Kalle Valo 2019-11-23 5759
d5c65159f289537 Kalle Valo 2019-11-23 5760 if (!ieee80211_is_robust_mgmt_frame(skb)) {
d5c65159f289537 Kalle Valo 2019-11-23 5761 status->flag |= RX_FLAG_IV_STRIPPED |
d5c65159f289537 Kalle Valo 2019-11-23 5762 RX_FLAG_MMIC_STRIPPED;
d5c65159f289537 Kalle Valo 2019-11-23 5763 hdr->frame_control = __cpu_to_le16(fc &
d5c65159f289537 Kalle Valo 2019-11-23 5764 ~IEEE80211_FCTL_PROTECTED);
d5c65159f289537 Kalle Valo 2019-11-23 5765 }
d5c65159f289537 Kalle Valo 2019-11-23 5766 }
d5c65159f289537 Kalle Valo 2019-11-23 5767
d5c65159f289537 Kalle Valo 2019-11-23 5768 /* TODO: Pending handle beacon implementation
d5c65159f289537 Kalle Valo 2019-11-23 5769 *if (ieee80211_is_beacon(hdr->frame_control))
d5c65159f289537 Kalle Valo 2019-11-23 5770 * ath11k_mac_handle_beacon(ar, skb);
d5c65159f289537 Kalle Valo 2019-11-23 5771 */
d5c65159f289537 Kalle Valo 2019-11-23 5772
d5c65159f289537 Kalle Valo 2019-11-23 5773 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f289537 Kalle Valo 2019-11-23 5774 "event mgmt rx skb %pK len %d ftype %02x stype %02x\n",
d5c65159f289537 Kalle Valo 2019-11-23 5775 skb, skb->len,
d5c65159f289537 Kalle Valo 2019-11-23 5776 fc & IEEE80211_FCTL_FTYPE, fc & IEEE80211_FCTL_STYPE);
d5c65159f289537 Kalle Valo 2019-11-23 5777
d5c65159f289537 Kalle Valo 2019-11-23 5778 ath11k_dbg(ab, ATH11K_DBG_MGMT,
d5c65159f289537 Kalle Valo 2019-11-23 5779 "event mgmt rx freq %d band %d snr %d, rate_idx %d\n",
d5c65159f289537 Kalle Valo 2019-11-23 5780 status->freq, status->band, status->signal,
d5c65159f289537 Kalle Valo 2019-11-23 5781 status->rate_idx);
d5c65159f289537 Kalle Valo 2019-11-23 5782
d5c65159f289537 Kalle Valo 2019-11-23 5783 ieee80211_rx_ni(ar->hw, skb);
d5c65159f289537 Kalle Valo 2019-11-23 5784
d5c65159f289537 Kalle Valo 2019-11-23 5785 exit:
d5c65159f289537 Kalle Valo 2019-11-23 5786 rcu_read_unlock();
d5c65159f289537 Kalle Valo 2019-11-23 5787 }
d5c65159f289537 Kalle Valo 2019-11-23 5788
:::::: The code at line 5740 was first introduced by commit
:::::: d5c65159f2895379e11ca13f62feabe93278985d ath11k: driver for Qualcomm IEEE 802.11ax devices
:::::: TO: Kalle Valo <kvalo@codeaurora.org>
:::::: CC: Kalle Valo <kvalo@codeaurora.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 27539 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-08-05 7:14 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-02 20:26 drivers/net/wireless/ath/ath11k/wmi.c:5740 ath11k_mgmt_rx_event() warn: 'rx_ev.snr + -95' 4294967201 can't fit into 127 'status->signal' kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2021-08-05 7:14 kernel test robot
2021-05-18 19:33 kernel test robot
2021-03-20 18:08 kernel test robot
2021-02-27 21:14 kernel test robot
2020-11-09 13:49 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.