* re: ath10k: replace vdev_id and tid in skb cb
@ 2015-12-09 10:49 Dan Carpenter
2015-12-10 13:18 ` Michal Kazior
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2015-12-09 10:49 UTC (permalink / raw)
To: michal.kazior; +Cc: ath10k
Hello Michal Kazior,
This is a semi-automatic email about new static checker warnings.
The patch 609db229b42f: "ath10k: replace vdev_id and tid in skb cb"
from Nov 18, 2015, leads to the following Smatch complaint:
drivers/net/wireless/ath/ath10k/htt_tx.c:450 ath10k_htt_tx_get_vdev_id()
warn: variable dereferenced before check 'cb->vif' (see line 446)
drivers/net/wireless/ath/ath10k/htt_tx.c
445 struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
446 struct ath10k_vif *arvif = (void *)cb->vif->drv_priv;
^^^^^^^^^
Dereference.
447
448 if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN)
449 return ar->scan.vdev_id;
450 else if (cb->vif)
^^^^^^^
Checked too late.
451 return arvif->vdev_id;
452 else if (ar->monitor_started)
See also:
drivers/net/wireless/ath/ath10k/wmi.c:1830 ath10k_wmi_op_gen_mgmt_tx() warn: variable dereferenced before check 'cb->vif' (see line 1818)
regards,
dan carpenter
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: ath10k: replace vdev_id and tid in skb cb
2015-12-09 10:49 ath10k: replace vdev_id and tid in skb cb Dan Carpenter
@ 2015-12-10 13:18 ` Michal Kazior
0 siblings, 0 replies; 2+ messages in thread
From: Michal Kazior @ 2015-12-10 13:18 UTC (permalink / raw)
To: Dan Carpenter; +Cc: ath10k@lists.infradead.org
On 9 December 2015 at 11:49, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> Hello Michal Kazior,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 609db229b42f: "ath10k: replace vdev_id and tid in skb cb"
> from Nov 18, 2015, leads to the following Smatch complaint:
>
> drivers/net/wireless/ath/ath10k/htt_tx.c:450 ath10k_htt_tx_get_vdev_id()
> warn: variable dereferenced before check 'cb->vif' (see line 446)
>
> drivers/net/wireless/ath/ath10k/htt_tx.c
> 445 struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
> 446 struct ath10k_vif *arvif = (void *)cb->vif->drv_priv;
> ^^^^^^^^^
> Dereference.
>
> 447
> 448 if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN)
> 449 return ar->scan.vdev_id;
> 450 else if (cb->vif)
> ^^^^^^^
> Checked too late.
This is a false positive.
The drv_priv is a 0-len/dynamic array at the end of ieee80211_vif
struct. The cb->vif->drv_priv expression should be expanded to a mere
(cb->vif)+offsetof(drv_priv) which isn't a dereference per se.
Michał
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-12-10 13:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-09 10:49 ath10k: replace vdev_id and tid in skb cb Dan Carpenter
2015-12-10 13:18 ` Michal Kazior
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.