Search Linux Wireless

Re: [PATCH v3] cw1200: fix incorrect check to determine if no element is found in list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Xiaomeng Tong <xiam0nd.tong@xxxxxxxxx> writes:

> The bug is here: "} else if (item) {".
>
> The list iterator value will *always* be set and non-NULL by
> list_for_each_entry(), so it is incorrect to assume that the iterator
> value will be NULL if the list is empty or no element is found in list.
>
> Use a new value 'iter' as the list iterator, while use the old value
> 'item' as a dedicated pointer to point to the found element, which
> 1. can fix this bug, due to now 'item' is NULL only if it's not found.
> 2. do not need to change all the uses of 'item' after the loop.
> 3. can also limit the scope of the list iterator 'iter' *only inside*
>    the traversal loop by simply declaring 'iter' inside the loop in the
>    future, as usage of the iterator outside of the list_for_each_entry
>    is considered harmful. https://lkml.org/lkml/2022/2/17/1032
>
> Fixes: a910e4a94f692 ("cw1200: add driver for the ST-E CW1100 & CW1200 WLAN chipsets")
> Signed-off-by: Xiaomeng Tong <xiam0nd.tong@xxxxxxxxx>
> ---
> changes since v2:
>  - rebase on latest wireless-next (Kalle Valo)
> changes since v1:
>  - fix incorrect check to item (Jakob Koschel)
>
> v2: https://lore.kernel.org/lkml/20220320035436.11293-1-xiam0nd.tong@xxxxxxxxx/
> v1: https://lore.kernel.org/all/20220319063800.28791-1-xiam0nd.tong@xxxxxxxxx/
> ---
>  drivers/net/wireless/st/cw1200/queue.c | 18 ++++++++++--------
>  1 file changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/net/wireless/st/cw1200/queue.c b/drivers/net/wireless/st/cw1200/queue.c
> index e06da4b3b0d4..805a3c1bf8fe 100644
> --- a/drivers/net/wireless/st/cw1200/queue.c
> +++ b/drivers/net/wireless/st/cw1200/queue.c
> @@ -91,23 +91,25 @@ static void __cw1200_queue_gc(struct cw1200_queue *queue,
>  			      bool unlock)
>  {
>  	struct cw1200_queue_stats *stats = queue->stats;
> -	struct cw1200_queue_item *item = NULL, *tmp;
> +	struct cw1200_queue_item *item = NULL, *iter, *tmp;
>  	bool wakeup_stats = false;
>  
> -	list_for_each_entry_safe(item, tmp, &queue->queue, head) {
> -		if (time_is_after_jiffies(item->queue_timestamp + queue->ttl))
> +	list_for_each_entry_safe(iter, tmp, &queue->queue, head) {
> +		if (time_is_after_jiffies(iter->queue_timestamp + queue->ttl)) {
> +			item = iter;
>  			break;
> +		}
>  		--queue->num_queued;
> -		--queue->link_map_cache[item->txpriv.link_id];
> +		--queue->link_map_cache[iter->txpriv.link_id];
>  		spin_lock_bh(&stats->lock);
>  		--stats->num_queued;
> -		if (!--stats->link_map_cache[item->txpriv.link_id])
> +		if (!--stats->link_map_cache[iter->txpriv.link_id])
>  			wakeup_stats = true;
>  		spin_unlock_bh(&stats->lock);
>  		cw1200_debug_tx_ttl(stats->priv);
> -		cw1200_queue_register_post_gc(head, item);
> -		item->skb = NULL;
> -		list_move_tail(&item->head, &queue->free_pool);
> +		cw1200_queue_register_post_gc(head, iter);
> +		iter->skb = NULL;
> +		list_move_tail(&iter->head, &queue->free_pool);
>  	}
>  
>  	if (wakeup_stats)

I started to look at this myself. I don't know if I'm missing something,
but is the time_is_after_jiffies() really correct? This was added by
Wang in commit 8cbc3d51b4ae ("cw1200: use time_is_after_jiffies()
instead of open coding it"):

-               if (jiffies - item->queue_timestamp < queue->ttl)
+               if (time_is_after_jiffies(item->queue_timestamp + queue->ttl))

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cbc3d51b4ae

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches



[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux