From: Dan Carpenter <dan.carpenter@oracle.com>
To: ryder.lee@mediatek.com
Cc: linux-mediatek@lists.infradead.org,
Ryder Lee <ryder.lee@mediatek.com>,
linux-wireless@vger.kernel.org
Subject: [bug report] mt76: adjust wcid size to support new 802.11ax generation
Date: Wed, 20 May 2020 15:08:54 +0300 [thread overview]
Message-ID: <20200520120854.GA161324@mwanda> (raw)
Hello Ryder Lee,
The patch 49e649c3e0a6: "mt76: adjust wcid size to support new
802.11ax generation" from Apr 25, 2020, leads to the following static
checker warning:
drivers/net/wireless/mediatek/mt76/mt76x02.h:249 mt76x02_rx_get_sta()
warn: impossible condition '(idx >= (2304 / 8 + (0))) => (0-255 >= 288)'
drivers/net/wireless/mediatek/mt76/mt7603/mac.c:476 mt7603_rx_get_wcid()
warn: impossible condition '(idx >= (2304 / 8 + (0))) => (0-255 >= 288)'
drivers/net/wireless/mediatek/mt76/mt7603/mac.c:1241 mt7603_mac_add_txs()
warn: impossible condition '(wcidx >= (2304 / 8 + (0))) => (0-255 >= 288)'
drivers/net/wireless/mediatek/mt76/mt7615/mac.c:64 mt7615_rx_get_wcid()
warn: impossible condition '(idx >= (2304 / 8 + (0))) => (0-255 >= 288)'
drivers/net/wireless/mediatek/mt76/mt7615/mac.c:1305 mt7615_mac_add_txs()
warn: impossible condition '(wcidx >= (2304 / 8 + (0))) => (0-255 >= 288)'
drivers/net/wireless/mediatek/mt76/mt76x02_mac.c:564 mt76x02_send_tx_status()
warn: always true condition '(stat->wcid < (2304 / 8 + (0))) => (0-255 < 288)'
vers/net/wireless/mediatek/mt76/mt76x02.h
244 static inline struct mt76x02_sta *
245 mt76x02_rx_get_sta(struct mt76_dev *dev, u8 idx)
246 {
247 struct mt76_wcid *wcid;
248
249 if (idx >= ARRAY_SIZE(dev->wcid))
The dev->wcid[] array used to have 128 elements but now it has 288 so
a u8 idx isn't large enough.
250 return NULL;
251
252 wcid = rcu_dereference(dev->wcid[idx]);
253 if (!wcid)
254 return NULL;
255
256 return container_of(wcid, struct mt76x02_sta, wcid);
257 }
...
470 static struct mt76_wcid *
471 mt7603_rx_get_wcid(struct mt7603_dev *dev, u8 idx, bool unicast)
472 {
473 struct mt7603_sta *sta;
474 struct mt76_wcid *wcid;
475
476 if (idx >= ARRAY_SIZE(dev->mt76.wcid))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Same.
477 return NULL;
478
479 wcid = rcu_dereference(dev->mt76.wcid[idx]);
480 if (unicast || !wcid)
481 return wcid;
482
483 if (!wcid->sta)
484 return NULL;
485
486 sta = container_of(wcid, struct mt7603_sta, wcid);
487 if (!sta->vif)
488 return NULL;
489
490 return &sta->vif->sta.wcid;
491 }
...
1236 wcidx = FIELD_GET(MT_TXS3_WCID, txs);
^^^^^^^^^^^^
This is bits 24-31 so it may need to be adjusted.
1237
1238 if (pid == MT_PACKET_ID_NO_ACK)
1239 return;
1240
1241 if (wcidx >= ARRAY_SIZE(dev->mt76.wcid))
^^^^^
u8 type.
1242 return;
1243
1244 rcu_read_lock();
drivers/net/wireless/mediatek/mt76/mt7615/mac.c
58 static struct mt76_wcid *mt7615_rx_get_wcid(struct mt7615_dev *dev,
59 u8 idx, bool unicast)
60 {
61 struct mt7615_sta *sta;
62 struct mt76_wcid *wcid;
63
64 if (idx >= ARRAY_SIZE(dev->mt76.wcid))
^^^
It's the same thing. The type and the mask used (MT_RXD2_NORMAL_WLAN_IDX)
make this condition impossible.
65 return NULL;
66
See drivers/net/wireless/mediatek/mt76/mt7615/mac.c:1305 mt7615_mac_add_txs() warn: impossible condition '(wcidx >= (2304 / 8 + (0))) => (0-255 >= 288)'
drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
551 struct mt76x02_sta *msta = NULL;
552 struct mt76_dev *mdev = &dev->mt76;
553 struct sk_buff_head list;
554 u32 duration = 0;
555 u8 cur_pktid;
556 u32 ac = 0;
557 int len = 0;
558
559 if (stat->pktid == MT_PACKET_ID_NO_ACK)
560 return;
561
562 rcu_read_lock();
563
564 if (stat->wcid < ARRAY_SIZE(dev->mt76.wcid))
^^^^^^^^^^
This is a u8 as well.
565 wcid = rcu_dereference(dev->mt76.wcid[stat->wcid]);
566
567 if (wcid && wcid->sta) {
568 void *priv;
569
570 priv = msta = container_of(wcid, struct mt76x02_sta, wcid);
571 status.sta = container_of(priv, struct ieee80211_sta,
572 drv_priv);
573 }
...
796
797 wcid = FIELD_GET(MT_RXWI_CTL_WCID, ctl);
^^^^ ^^^^^^^^^^^^^^^^
Here "wcid" is a u8 and MT_RXWI_CTL_WCID is bits 0-7 so both of these
may need to be adjusted.
798 sta = mt76x02_rx_get_sta(&dev->mt76, wcid);
799 status->wcid = mt76x02_rx_get_sta_wcid(sta, unicast);
800
regards,
dan carpenter
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
reply other threads:[~2020-05-20 12:09 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200520120854.GA161324@mwanda \
--to=dan.carpenter@oracle.com \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
--cc=ryder.lee@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).