Search Linux Wireless

RE: [bug report] iwlwifi: mvm: toggle tx antenna if tx fails during connection establishment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Dan,

The offending patch that caused the Smatch complaint is:
"iwlwifi: mvm: add explicit check for non-data frames in get Tx rate"

this patch adds an unconditional dereference of the  sta  parameter in iwl_mvm_get_tx_rate().
Before that, all the code paths check for the NULL option.

(this patch is from the recent days, that's why Smatch only complains now).

Regards,
Avi


-----Original Message-----
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx> 
Sent: Wednesday, February 10, 2021 12:55
To: Stern, Avraham <avraham.stern@xxxxxxxxx>
Cc: linux-wireless@xxxxxxxxxxxxxxx
Subject: [bug report] iwlwifi: mvm: toggle tx antenna if tx fails during connection establishment

[ Sorry, I don't know why Smatch is warning about a three year old bug
  and I'm not sure that it's blaming the correct commit but the warning
  looks correct.  - dan ]

Hello Avraham Stern,

This is a semi-automatic email about new static checker warnings.

The patch 0dde2440a77f: "iwlwifi: mvm: toggle tx antenna if tx fails during connection establishment" from Jul 11, 2018, leads to the following Smatch complaint:

    drivers/net/wireless/intel/iwlwifi/mvm/tx.c:356 iwl_mvm_set_tx_cmd_rate()
    error: we previously assumed 'sta' could be null (see line 341)

drivers/net/wireless/intel/iwlwifi/mvm/tx.c
   340	
   341		if (ieee80211_is_data(fc) && sta) {
                                             ^^^ This assumes that "sta" can be NULL.

   342			struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
   343	
   344			if (mvmsta->sta_state >= IEEE80211_STA_AUTHORIZED) {
   345				tx_cmd->initial_rate_index = 0;
   346				tx_cmd->tx_flags |= cpu_to_le32(TX_CMD_FLG_STA_RATE);
   347				return;
   348			}
   349		} else if (ieee80211_is_back_req(fc)) {
   350			tx_cmd->tx_flags |=
   351				cpu_to_le32(TX_CMD_FLG_ACK | TX_CMD_FLG_BAR);
   352		}
   353	
   354		/* Set the rate in the TX cmd */
   355		tx_cmd->rate_n_flags =
   356			cpu_to_le32(iwl_mvm_get_tx_rate_n_flags(mvm, info, sta, fc));
                                                                           ^^^ It is dereferenced unconsiditionally inside the function.

   357	}
   358	

See also:
drivers/net/wireless/intel/iwlwifi/mvm/tx.c:486 iwl_mvm_set_tx_params() error: we previously assumed 'sta' could be null (see line 482)

regards,
dan carpenter
---------------------------------------------------------------------
A member of the Intel Corporation group of companies

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux