From: Dan Carpenter <dan.carpenter@oracle.com>
To: dcbw@redhat.com
Cc: linux-wireless@vger.kernel.org
Subject: re: airo: clean up and clarify interrupt-time task handling
Date: Fri, 10 Oct 2014 15:49:46 +0300
Message-ID: <20141010124946.GA14358@mwanda>

Hello Dan Williams,

The patch f55d4517ebdd: "airo: clean up and clarify interrupt-time
task handling" from Jan 24, 2009, leads to the following static
checker warning:

	drivers/net/wireless/airo.c:3373 airo_handle_rx()
	warn: XXX pointer math issue ('buffer' is a 2 byte pointer)

drivers/net/wireless/airo.c
  3282  static void airo_handle_rx(struct airo_info *ai)
  3283  {
  3284          struct sk_buff *skb = NULL;
  3285          __le16 fc, v, *buffer, tmpbuf[4];
  3286          u16 len, hdrlen = 0, gap, fid;
  3287          struct rx_hdr hdr;
  3288          int success = 0;
  3289  

[ snip ]

  3354          } else {
  3355                  MICBuffer micbuf;
  3356  
  3357                  bap_read(ai, buffer, ETH_ALEN * 2, BAP0);
  3358                  if (ai->micstats.enabled) {
  3359                          bap_read(ai, (__le16 *) &micbuf, sizeof (micbuf), BAP0);
  3360                          if (ntohs(micbuf.typelen) > 0x05DC)
  3361                                  bap_setup(ai, fid, 0x44, BAP0);
  3362                          else {
  3363                                  if (len <= sizeof (micbuf)) {
  3364                                          dev_kfree_skb_irq(skb);
  3365                                          goto done;
  3366                                  }
  3367  
  3368                                  len -= sizeof(micbuf);
  3369                                  skb_trim(skb, len + hdrlen);
  3370                          }
  3371                  }
  3372  
  3373                  bap_read(ai, buffer + ETH_ALEN, len, BAP0);
                                     ^^^^^^^^^^^^^^^^^
It's really unusual to use ETH_ALEN to represent 12 bytes.  Normally
it is a bug when people do that.  But looking at the context it might be
intentional here...  It's not clear.

  3374                  if (decapsulate(ai, &micbuf, (etherHead*) buffer, len))
  3375                          dev_kfree_skb_irq (skb);
  3376                  else
  3377                          success = 1;
  3378          }

regards,
dan carpenter
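
Added example, not part of the original message or of the driver: a user-space C sketch of the pointer scaling behind the checker warning. fifo_read(), rx_like_airo() and the sample frame are constructed stand-ins for bap_read() and the card data; it shows that buffer + ETH_ALEN on a 2-byte pointer lands at byte 12, directly after the ETH_ALEN * 2 bytes read at line 3357.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ETH_ALEN 6  /* bytes in one MAC address, as in the kernel */

/* Constructed stand-in for the card's receive FIFO (not the driver's bap_read). */
struct fifo { const uint8_t *data; size_t pos; };

static void fifo_read(struct fifo *f, void *dst, size_t nbytes)
{
	memcpy(dst, f->data + f->pos, nbytes);
	f->pos += nbytes;
}

/* Byte distance between two pointers into the same buffer. */
static size_t byte_off(const void *base, const void *p)
{
	return (size_t)((const uint8_t *)p - (const uint8_t *)base);
}

/* Mirrors the two reads at lines 3357 and 3373: addresses, then payload.
 * Returns the byte offset at which the payload was stored. */
static size_t rx_like_airo(struct fifo *f, uint16_t *buffer, size_t len)
{
	fifo_read(f, buffer, ETH_ALEN * 2);      /* two addresses = 12 bytes */
	uint16_t *payload = buffer + ETH_ALEN;   /* 6 elements * 2 bytes = 12 bytes */
	fifo_read(f, payload, len);
	return byte_off(buffer, payload);
}

/* Same expression on a byte pointer: offset 6, on top of the second address. */
static size_t off_if_byte_pointer(uint8_t *buffer)
{
	return byte_off(buffer, buffer + ETH_ALEN);
}

/* Spelling that does not depend on the pointee size. */
static size_t off_explicit(uint16_t *buffer)
{
	return byte_off(buffer, (uint8_t *)buffer + 2 * ETH_ALEN);
}

int main(void)
{
	uint8_t frame[16] = {0}; uint16_t buf[8];
	struct fifo f = { frame, 0 };
	return rx_like_airo(&f, buf, 4) == 12 && off_explicit(buf) == 12
	       && off_if_byte_pointer((uint8_t *)buf) == 6 ? 0 : 1;
}
```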
