All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: toke@toke.dk
Cc: linux-wireless@vger.kernel.org
Subject: [bug report] mac80211: Move reorder-sensitive TX handlers to after TXQ dequeue
Date: Wed, 12 Oct 2016 09:14:58 +0300	[thread overview]
Message-ID: <20161012061458.GM12841@mwanda> (raw)

Hello Toke Høiland-Jørgensen,

This is a semi-automatic email about new static checker warnings.

The patch bb42f2d13ffc: "mac80211: Move reorder-sensitive TX handlers 
to after TXQ dequeue" from Sep 22, 2016, leads to the following 
Smatch complaint:

net/mac80211/tx.c:3242 ieee80211_xmit_fast_finish()
	 error: we previously assumed 'key' could be null (see line 3209)

net/mac80211/tx.c
  3208	
  3209		if (key)
                    ^^^
Check.

  3210			info->control.hw_key = &key->conf;
  3211	
  3212		ieee80211_tx_stats(skb->dev, skb->len);
  3213	
  3214		if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
  3215			tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
  3216			*ieee80211_get_qos_ctl(hdr) = tid;
  3217			hdr->seq_ctrl = ieee80211_tx_next_seq(sta, tid);
  3218		} else {
  3219			info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
  3220			hdr->seq_ctrl = cpu_to_le16(sdata->sequence_number);
  3221			sdata->sequence_number += 0x10;
  3222		}
  3223	
  3224		if (skb_shinfo(skb)->gso_size)
  3225			sta->tx_stats.msdu[tid] +=
  3226				DIV_ROUND_UP(skb->len, skb_shinfo(skb)->gso_size);
  3227		else
  3228			sta->tx_stats.msdu[tid]++;
  3229	
  3230		info->hw_queue = sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
  3231	
  3232		/* statistics normally done by ieee80211_tx_h_stats (but that
  3233		 * has to consider fragmentation, so is more complex)
  3234		 */
  3235		sta->tx_stats.bytes[skb_get_queue_mapping(skb)] += skb->len;
  3236		sta->tx_stats.packets[skb_get_queue_mapping(skb)]++;
  3237	
  3238		if (pn_offs) {
                    ^^^^^^^
Maybe when pn_offs is non-zero that implies key is non-NULL? 

  3239			u64 pn;
  3240			u8 *crypto_hdr = skb->data + pn_offs;
  3241	
  3242			switch (key->conf.cipher) {
                                ^^^^^
Unchecked dereference.

  3243			case WLAN_CIPHER_SUITE_CCMP:
  3244			case WLAN_CIPHER_SUITE_CCMP_256:

regards,
dan carpenter

             reply	other threads:[~2016-10-12  9:02 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-10-12  6:14 Dan Carpenter [this message]
2016-10-12 15:57 ` [bug report] mac80211: Move reorder-sensitive TX handlers to after TXQ dequeue Toke Høiland-Jørgensen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161012061458.GM12841@mwanda \
    --to=dan.carpenter@oracle.com \
    --cc=linux-wireless@vger.kernel.org \
    --cc=toke@toke.dk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.