From patchwork Tue Jun 14 13:53:12 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kalle Valo X-Patchwork-Id: 9175861 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2CA8A60772 for ; Tue, 14 Jun 2016 13:53:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1DFC428047 for ; Tue, 14 Jun 2016 13:53:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 130A928236; Tue, 14 Jun 2016 13:53:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 816DB20855 for ; Tue, 14 Jun 2016 13:53:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752483AbcFNNxe (ORCPT ); Tue, 14 Jun 2016 09:53:34 -0400 Received: from wolverine02.qualcomm.com ([199.106.114.251]:10903 "EHLO wolverine02.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752251AbcFNNxd convert rfc822-to-8bit (ORCPT ); Tue, 14 Jun 2016 09:53:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qca.qualcomm.com; i=@qca.qualcomm.com; q=dns/txt; s=qcdkim; t=1465912413; x=1497448413; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=oLRSukd2WtZDYTnV2hcmIKqidNh4hpPpr0fD+5Bz5I4=; b=vUqgLQczQ4QU74nPGQN2gvMHXA7x9KQdX6DhgmMh/v5keO2C4EJpwGfU VBDGpYymGjS1A3DQDKKufVSNfF7RdP0leCCM0H6GihYD1qjSO2aZqrghI ut2vWP8BEG9q2Vna4xcKPmfFjEic/wpZ22cVjBP2Q6kNfQ/5aN4Bf3c1G Y=; X-IronPort-AV: E=Sophos;i="5.26,470,1459839600"; d="scan'208";a="295606587" Received: from unknown (HELO Ironmsg03-L.qualcomm.com) ([10.53.140.110]) by wolverine02.qualcomm.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Jun 2016 06:53:22 -0700 X-IronPort-AV: E=McAfee;i="5700,7163,8195"; a="1166449323" Received: from nasanexm01b.na.qualcomm.com ([10.85.0.82]) by Ironmsg03-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 14 Jun 2016 06:53:22 -0700 Received: from euamsexm01f.eu.qualcomm.com (10.251.127.43) by NASANEXM01B.na.qualcomm.com (10.85.0.82) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Tue, 14 Jun 2016 06:53:21 -0700 Received: from euamsexm01a.eu.qualcomm.com (10.251.127.40) by euamsexm01f.eu.qualcomm.com (10.251.127.43) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Tue, 14 Jun 2016 15:53:12 +0200 Received: from euamsexm01a.eu.qualcomm.com ([10.251.127.40]) by euamsexm01a.eu.qualcomm.com ([10.251.127.40]) with mapi id 15.00.1178.000; Tue, 14 Jun 2016 15:53:12 +0200 From: "Valo, Kalle" To: Bob Copeland CC: "linux-wireless@vger.kernel.org" , "ath10k@lists.infradead.org" Subject: Re: [PATCH] ath10k: fix potential null dereference bugs Thread-Topic: [PATCH] ath10k: fix potential null dereference bugs Thread-Index: AQHRwxdtKGszZlYxm02lNIFDh5Zc3w== Date: Tue, 14 Jun 2016 13:53:12 +0000 Message-ID: <87oa733mig.fsf@kamboji.qca.qualcomm.com> References: <1465563164-783-1-git-send-email-me@bobcopeland.com> In-Reply-To: <1465563164-783-1-git-send-email-me@bobcopeland.com> (Bob Copeland's message of "Fri, 10 Jun 2016 08:52:44 -0400") Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.251.52.12] Content-ID: <48195DDA6E122F4CBB892782BD2984CE@qualcomm.com> MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Bob Copeland writes: > Smatch warns about a number of cases in ath10k where a pointer is > null-checked after it has already been dereferenced, in code involving > ath10k private virtual interface pointers. > > Fix these by making the dereference happen later. > > Addresses the following smatch warnings: > > drivers/net/wireless/ath/ath10k/mac.c:3651 ath10k_mac_txq_init() warn: variable dereferenced before check 'txq' (see line 3649) > drivers/net/wireless/ath/ath10k/mac.c:3664 ath10k_mac_txq_unref() warn: variable dereferenced before check 'txq' (see line 3659) > drivers/net/wireless/ath/ath10k/htt_tx.c:70 __ath10k_htt_tx_txq_recalc() warn: variable dereferenced before check 'txq->sta' (see line 52) > drivers/net/wireless/ath/ath10k/htt_tx.c:740 ath10k_htt_tx_get_vdev_id() warn: variable dereferenced before check 'cb->vif' (see line 736) > drivers/net/wireless/ath/ath10k/txrx.c:86 ath10k_txrx_tx_unref() warn: variable dereferenced before check 'txq' (see line 84) > drivers/net/wireless/ath/ath10k/wmi.c:1837 ath10k_wmi_op_gen_mgmt_tx() warn: variable dereferenced before check 'cb->vif' (see line 1825) > > Signed-off-by: Bob Copeland There was a new checkpatch warning: drivers/net/wireless/ath/ath10k/htt_tx.c:740: braces {} should be used on all arms of this statement I "fixed" it like this, which is folded to the patch in pending branch (pushed soon): To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c index dfcc43d80808..ae5b33fe5ba8 100644 --- a/drivers/net/wireless/ath/ath10k/htt_tx.c +++ b/drivers/net/wireless/ath/ath10k/htt_tx.c @@ -737,15 +737,16 @@ static u8 ath10k_htt_tx_get_vdev_id(struct ath10k *ar, struct sk_buff *skb) struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb); struct ath10k_vif *arvif; - if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) + if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) { return ar->scan.vdev_id; - else if (cb->vif) { + } else if (cb->vif) { arvif = (void *)cb->vif->drv_priv; return arvif->vdev_id; - } else if (ar->monitor_started) + } else if (ar->monitor_started) { return ar->monitor_vdev_id; - else + } else { return 0; + } } static u8 ath10k_htt_tx_get_tid(struct sk_buff *skb, bool is_eth)--