On Wed, Jan 19, 2022 at 02:56:52PM +0100, Johannes Berg wrote:
> On Wed, 2022-01-19 at 15:59 +0300, Dan Carpenter wrote:
> > Smatch complains that status->band comes from the skb->data
> >
>
> Hmm. How does it come to that conclusion? It's not really true? It comes
> from skb->cb, and the driver should fill it.

Ugh... Sorry. I misread the code. I spent some time trying to figure
this out as well, but I still didn't figure it out.

So, yeah. It's skb->cb and Smatch for some reason thinks skb->cb holds
user data... I will look into this.

> Also, we have:
>
> void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta,
>                        struct sk_buff *skb, struct list_head *list)
> {
> ...
>         if (WARN_ON(status->band >= NUM_NL80211_BANDS))
>                 goto drop;
>
>
> so I really don't think this patch is needed?

The problem with that is that ->cb is an array of char so Smatch doesn't
track status->band across function boundaries.

regards,
dan carpenter