From patchwork Tue Jun 14 13:53:12 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kalle Valo <kvalo@qca.qualcomm.com>
X-Patchwork-Id: 9175863
X-Patchwork-Delegate: kvalo@adurom.com
Return-Path: 
 <ath10k-bounces+patchwork-ath10k=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	DD6D760772 for <patchwork-ath10k@patchwork.kernel.org>;
	Tue, 14 Jun 2016 13:53:51 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CDF3627DF9
	for <patchwork-ath10k@patchwork.kernel.org>;
	Tue, 14 Jun 2016 13:53:51 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C2D4D2823D; Tue, 14 Jun 2016 13:53:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.9])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D91CA28236
	for <patchwork-ath10k@patchwork.kernel.org>;
	Tue, 14 Jun 2016 13:53:49 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
	id 1bComn-0000ss-KK; Tue, 14 Jun 2016 13:53:45 +0000
Received: from wolverine01.qualcomm.com ([199.106.114.254])
	by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
	Linux)) id 1bComl-0000sH-M7
	for ath10k@lists.infradead.org; Tue, 14 Jun 2016 13:53:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=qca.qualcomm.com; i=@qca.qualcomm.com; q=dns/txt;
	s=qcdkim; t=1465912423; x=1497448423;
	h=from:to:cc:subject:date:message-id:references:
	in-reply-to:content-id:content-transfer-encoding: mime-version;
	bh=oLRSukd2WtZDYTnV2hcmIKqidNh4hpPpr0fD+5Bz5I4=;
	b=ELiCBqhnmKXVa0ZbMqZdzjB0Xe7bKoKuU9Lyyb9hRRCILlvEE72SP4CN
	fypWTEGvOXqDj2coLM2dpPySra3Gx/ctcSXxuetFPhLi1iqQccCJMdY5i
	E09Megyw4iW2Ba0ULoco1puhQ+P6ET2nRgM9DJeQGnPqGcS0IOZIAVoSu Q=;
X-IronPort-AV: E=Sophos;i="5.26,470,1459839600"; d="scan'208";a="200445725"
Received: from unknown (HELO Ironmsg03-L.qualcomm.com) ([10.53.140.110])
	by wolverine01.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA;
	14 Jun 2016 06:53:22 -0700
X-IronPort-AV: E=McAfee;i="5700,7163,8195"; a="1166449323"
Received: from nasanexm01b.na.qualcomm.com ([10.85.0.82])
	by Ironmsg03-L.qualcomm.com with ESMTP/TLS/RC4-SHA;
	14 Jun 2016 06:53:22 -0700
Received: from euamsexm01f.eu.qualcomm.com (10.251.127.43) by
	NASANEXM01B.na.qualcomm.com (10.85.0.82) with Microsoft SMTP Server
	(TLS) id 15.0.1178.4; Tue, 14 Jun 2016 06:53:21 -0700
Received: from euamsexm01a.eu.qualcomm.com (10.251.127.40) by
	euamsexm01f.eu.qualcomm.com (10.251.127.43) with Microsoft SMTP
	Server (TLS) id 15.0.1178.4; Tue, 14 Jun 2016 15:53:12 +0200
Received: from euamsexm01a.eu.qualcomm.com ([10.251.127.40]) by
	euamsexm01a.eu.qualcomm.com ([10.251.127.40]) with mapi id
	15.00.1178.000; Tue, 14 Jun 2016 15:53:12 +0200
From: "Valo, Kalle" <kvalo@qca.qualcomm.com>
To: Bob Copeland <me@bobcopeland.com>
Subject: Re: [PATCH] ath10k: fix potential null dereference bugs
Thread-Topic: [PATCH] ath10k: fix potential null dereference bugs
Thread-Index: AQHRwxdtKGszZlYxm02lNIFDh5Zc3w==
Date: Tue, 14 Jun 2016 13:53:12 +0000
Message-ID: <87oa733mig.fsf@kamboji.qca.qualcomm.com>
References: <1465563164-783-1-git-send-email-me@bobcopeland.com>
In-Reply-To: <1465563164-783-1-git-send-email-me@bobcopeland.com> (Bob
	Copeland's message of "Fri, 10 Jun 2016 08:52:44 -0400")
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.251.52.12]
Content-ID: <48195DDA6E122F4CBB892782BD2984CE@qualcomm.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20160614_065343_788112_1F86B39D 
X-CRM114-Status: UNSURE (   8.45  )
X-CRM114-Notice: Please train this message.
X-BeenThere: ath10k@lists.infradead.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: <ath10k.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/ath10k>,
	<mailto:ath10k-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/ath10k/>
List-Post: <mailto:ath10k@lists.infradead.org>
List-Help: <mailto:ath10k-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/ath10k>,
	<mailto:ath10k-request@lists.infradead.org?subject=subscribe>
Cc: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
	"ath10k@lists.infradead.org" <ath10k@lists.infradead.org>
Sender: "ath10k" <ath10k-bounces@lists.infradead.org>
Errors-To: 
 ath10k-bounces+patchwork-ath10k=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

Bob Copeland <me@bobcopeland.com> writes:

> Smatch warns about a number of cases in ath10k where a pointer is
> null-checked after it has already been dereferenced, in code involving
> ath10k private virtual interface pointers.
>
> Fix these by making the dereference happen later.
>
> Addresses the following smatch warnings:
>
> drivers/net/wireless/ath/ath10k/mac.c:3651 ath10k_mac_txq_init() warn: variable dereferenced before check 'txq' (see line 3649)
> drivers/net/wireless/ath/ath10k/mac.c:3664 ath10k_mac_txq_unref() warn: variable dereferenced before check 'txq' (see line 3659)
> drivers/net/wireless/ath/ath10k/htt_tx.c:70 __ath10k_htt_tx_txq_recalc() warn: variable dereferenced before check 'txq->sta' (see line 52)
> drivers/net/wireless/ath/ath10k/htt_tx.c:740 ath10k_htt_tx_get_vdev_id() warn: variable dereferenced before check 'cb->vif' (see line 736)
> drivers/net/wireless/ath/ath10k/txrx.c:86 ath10k_txrx_tx_unref() warn: variable dereferenced before check 'txq' (see line 84)
> drivers/net/wireless/ath/ath10k/wmi.c:1837 ath10k_wmi_op_gen_mgmt_tx() warn: variable dereferenced before check 'cb->vif' (see line 1825)
>
> Signed-off-by: Bob Copeland <me@bobcopeland.com>

There was a new checkpatch warning:

drivers/net/wireless/ath/ath10k/htt_tx.c:740: braces {} should be used on all arms of this statement

I "fixed" it like this, which is folded to the patch in pending branch
(pushed soon):

diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c
index dfcc43d80808..ae5b33fe5ba8 100644
--- a/drivers/net/wireless/ath/ath10k/htt_tx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
@@ -737,15 +737,16 @@ static u8 ath10k_htt_tx_get_vdev_id(struct ath10k *ar, struct sk_buff *skb)
 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
 	struct ath10k_vif *arvif;
 
-	if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN)
+	if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
 		return ar->scan.vdev_id;
-	else if (cb->vif) {
+	} else if (cb->vif) {
 		arvif = (void *)cb->vif->drv_priv;
 		return arvif->vdev_id;
-	} else if (ar->monitor_started)
+	} else if (ar->monitor_started) {
 		return ar->monitor_vdev_id;
-	else
+	} else {
 		return 0;
+	}
 }
 
 static u8 ath10k_htt_tx_get_tid(struct sk_buff *skb, bool is_eth)