Hello Jim Baxter,
This is a semi-automatic email about new static checker warnings.
The patch 6d3865f9d41f: "usb: gadget: NCM: Add transmit multi-frame."
from Jul 7, 2014, leads to the following Smatch complaint:
drivers/usb/gadget/function/u_ether.c:570 eth_start_xmit()
error: we previously assumed 'skb' could be null (see line 509)
drivers/usb/gadget/function/u_ether.c
508 /* apply outgoing CDC or RNDIS filters */
509 if (skb && !is_promisc(cdc_filter)) {
^^^
Patch introduces check.
510 u8 *dest = skb->data;
511
512 if (is_multicast_ether_addr(dest)) {
513 u16 type;
514
515 /* ignores USB_CDC_PACKET_TYPE_MULTICAST and host
516 * SET_ETHERNET_MULTICAST_FILTERS requests
517 */
518 if (is_broadcast_ether_addr(dest))
519 type = USB_CDC_PACKET_TYPE_BROADCAST;
520 else
521 type = USB_CDC_PACKET_TYPE_ALL_MULTICAST;
522 if (!(cdc_filter & type)) {
523 dev_kfree_skb_any(skb);
524 return NETDEV_TX_OK;
525 }
526 }
527 /* ignores USB_CDC_PACKET_TYPE_DIRECTED */
528 }
529
530 spin_lock_irqsave(&dev->req_lock, flags);
531 /*
532 * this freelist can be empty if an interrupt triggered disconnect()
533 * and reconfigured the gadget (shutting down this queue) after the
534 * network stack decided to xmit but before we got the spinlock.
535 */
536 if (list_empty(&dev->tx_reqs)) {
537 spin_unlock_irqrestore(&dev->req_lock, flags);
538 return NETDEV_TX_BUSY;
539 }
540
541 req = container_of(dev->tx_reqs.next, struct usb_request, list);
542 list_del(&req->list);
543
544 /* temporarily stop TX queue when the freelist empties */
545 if (list_empty(&dev->tx_reqs))
546 netif_stop_queue(net);
547 spin_unlock_irqrestore(&dev->req_lock, flags);
548
549 /* no buffer copies needed, unless the network stack did it
550 * or the hardware can't use skb buffers.
551 * or there's not enough space for extra headers we need
552 */
553 if (dev->wrap) {
554 unsigned long flags;
555
556 spin_lock_irqsave(&dev->lock, flags);
557 if (dev->port_usb)
558 skb = dev->wrap(dev->port_usb, skb);
559 spin_unlock_irqrestore(&dev->lock, flags);
560 if (!skb) {
561 /* Multi frame CDC protocols may store the frame for
562 * later which is not a dropped frame.
563 */
564 if (dev->port_usb->supports_multi_frame)
565 goto multiframe;
566 goto drop;
567 }
568 }
569
570 length = skb->len;
^^^^^^^^
571 req->buf = skb->data;
^^^^^^^^^
Old unchecked dereferences.
572 req->context = skb;
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
