From: Kalle Valo <kvalo@qca.qualcomm.com>
To: Jouni Malinen <jouni@qca.qualcomm.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>,
<linux-wireless@vger.kernel.org>
Subject: Re: ath6kl: pass only unicast frames for aggregation
Date: Thu, 6 Oct 2011 14:27:55 +0300 [thread overview]
Message-ID: <4E8D90BB.5040506@qca.qualcomm.com> (raw)
In-Reply-To: <20111005115738.GA7368@jouni.qca.qualcomm.com>
On 10/05/2011 02:57 PM, Jouni Malinen wrote:
> On Wed, Oct 05, 2011 at 01:09:53PM +0300, Kalle Valo wrote:
>> Good catch, thanks! I should run smatch more, it's a really nice tool.
>
> This could have actually been found even before
> 5694f962964c5162f6b49ddb5d517180bd7d1d98 with more thorough static
> analysis since an A-MSDU sent to ath6kl AP would have hit the NULL
> pointer dereference in aggr_slice_amsdu().. Anyway, this new commit does
> indeed seem to make this much more likely to hit the issue (any data
> frame between two associated STAs).
Good point, I'll mention in the patch how severe this actually is.
>> I think a fix like this would be appropriate. Jouni, what do you think?
>
>> --- a/drivers/net/wireless/ath/ath6kl/txrx.c
>> +++ b/drivers/net/wireless/ath/ath6kl/txrx.c
>> @@ -1247,6 +1247,10 @@ void ath6kl_rx(struct htc_target *target, struct
>> htc_packet *packet)
>> }
>> if (skb1)
>> ath6kl_data_tx(skb1, ar->net_dev);
>> +
>> + if (skb == NULL)
>> + /* nothing to deliver up the stack */
>> + return;
>> }
>>
>> datap = (struct ethhdr *) skb->data;
>
>
> This looks like the correct behavior here. However, I would recommend
> using braces around any multi-line conditional statement even if it
> really is a comment and a single statement that would not, in theory,
> require this in C language. Leaving those out here seems to be just
> asking for problems should someone add something before the "return;"
> line and not notice to add braces at that point. The same comment would
> actually apply for the commit 5694f962964c5162f6b49ddb5d517180bd7d1d98,
> too. If you want to avoid the extra line an braces, moving the comment
> to the end of the return line would work for me.
I have used to not using braces even there's a comment like here. But
you have a point and I'll change my style.
Thanks for checking this.
Kalle
prev parent reply other threads:[~2011-10-06 11:28 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-05 5:59 ath6kl: pass only unicast frames for aggregation Dan Carpenter
2011-10-05 10:09 ` Kalle Valo
2011-10-05 11:57 ` Jouni Malinen
2011-10-06 11:27 ` Kalle Valo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E8D90BB.5040506@qca.qualcomm.com \
--to=kvalo@qca.qualcomm.com \
--cc=dan.carpenter@oracle.com \
--cc=jouni@qca.qualcomm.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.