linux-wireless.vger.kernel.org archive mirror
* re: Add ath6kl cleaned up driver
From: Dan Carpenter @ 2013-02-13 20:56 UTC (permalink / raw)
  To: kvalo; +Cc: linux-wireless

Hello Kalle Valo,

The patch bdcd81707973: "Add ath6kl cleaned up driver" from Jul 18, 
2011, leads to the following static checker warning:
"drivers/net/wireless/ath/ath6kl/txrx.c:1327 ath6kl_rx()
	 warn: what are we testing here?"

[ This is from a failed experiment with Smatch that I won't release. ]

  1301  void ath6kl_rx(struct htc_target *target, struct htc_packet *packet)
  1302  {
  1303          struct ath6kl *ar = target->dev->ar;
  1304          struct sk_buff *skb = packet->pkt_cntxt;
  1305          struct wmi_rx_meta_v2 *meta;
  1306          struct wmi_data_hdr *dhdr;
  1307          int min_hdr_len;
  1308          u8 meta_type, dot11_hdr = 0;
  1309          u8 pad_before_data_start;
  1310          int status = packet->status;
  1311          enum htc_endpoint_id ept = packet->endpoint;
  1312          bool is_amsdu, prev_ps, ps_state = false;
  1313          bool trig_state = false;
  1314          struct ath6kl_sta *conn = NULL;
  1315          struct sk_buff *skb1 = NULL;
  1316          struct ethhdr *datap = NULL;
  1317          struct ath6kl_vif *vif;
  1318          struct aggr_info_conn *aggr_conn;
  1319          u16 seq_no, offset;
  1320          u8 tid, if_idx;
  1321  
  1322          ath6kl_dbg(ATH6KL_DBG_WLAN_RX,
  1323                     "%s: ar=0x%p eid=%d, skb=0x%p, data=0x%p, len=0x%x status:%d",
  1324                     __func__, ar, ept, skb, packet->buf,
  1325                     packet->act_len, status);
  1326  
  1327          if (status || !(skb->data + HTC_HDR_LENGTH)) {
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^
skb->data is a pointer.  This pointer math is always going to be false.
Should it be testing "packet->act_len < HTC_HDR_LENGTH" or something?

  1328                  dev_kfree_skb(skb);
  1329                  return;
  1330          }
  1331  
  1332          skb_put(skb, packet->act_len + HTC_HDR_LENGTH);

regards,
dan carpenter



* Re: Add ath6kl cleaned up driver
From: Kalle Valo @ 2013-03-10  5:53 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-wireless, ath6kl-devel

Dan Carpenter <dan.carpenter@oracle.com> writes:

> Hello Kalle Valo,
>
> The patch bdcd81707973: "Add ath6kl cleaned up driver" from Jul 18, 
> 2011, leads to the following static checker warning:
> "drivers/net/wireless/ath/ath6kl/txrx.c:1327 ath6kl_rx()
> 	 warn: what are we testing here?"
>
> [ This is from a failed experiment with Smatch that I won't release. ]

[...]

>   1327          if (status || !(skb->data + HTC_HDR_LENGTH)) {
>                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
> skb->data is a pointer.  This pointer math is always going to be false.
> Should it be testing "packet->act_len < HTC_HDR_LENGTH" or something?

Good find! I have no idea what this is supposed to test, but act_len <
HTC_HDR_LENGTH seems like a good idea. I sent a patch for this.

-- 
Kalle Valo
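
A userspace model of the check discussed in this thread, added here as an illustration and not code from either message or from the ath6kl driver: it runs the condition as quoted and a length-based one over constructed packets. `struct model_packet`, the function names and the value 8 for `HTC_HDR_LENGTH` are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define HTC_HDR_LENGTH 8 /* assumed value; the thread does not state it */
/* Hypothetical stand-in for the htc_packet/sk_buff fields the check uses. */
struct model_packet {
	int status;           /* nonzero means the transfer failed */
	uint8_t *data;        /* stands in for skb->data */
	unsigned int act_len; /* bytes actually received */
};

/* As quoted at txrx.c:1327: a valid pointer plus an offset is never NULL. */
static bool drop_as_quoted(const struct model_packet *p)
{
	return p->status || !(p->data + HTC_HDR_LENGTH);
}

/* Length-based check along the lines suggested in the thread. */
static bool drop_by_length(const struct model_packet *p)
{
	return p->status || p->act_len < HTC_HDR_LENGTH;
}

/* Count how many of n packets the given check would drop. */
static int count_dropped(bool (*drop)(const struct model_packet *),
			 const struct model_packet *pkts, size_t n)
{
	int dropped = 0;
	for (size_t i = 0; i < n; i++)
		dropped += drop(&pkts[i]) ? 1 : 0;
	return dropped;
}

/* Constructed input: failed transfer, short frame, normal frame. */
static uint8_t sample_buf[64];
static const struct model_packet sample_pkts[] = {
	{ .status = -1, .data = sample_buf, .act_len = 32 },
	{ .status = 0,  .data = sample_buf, .act_len = 3 },
	{ .status = 0,  .data = sample_buf, .act_len = 32 },
};
#define SAMPLE_COUNT (sizeof(sample_pkts) / sizeof(sample_pkts[0]))

int main(void)
{
	printf("dropped: as quoted %d, by length %d\n",
	       count_dropped(drop_as_quoted, sample_pkts, SAMPLE_COUNT),
	       count_dropped(drop_by_length, sample_pkts, SAMPLE_COUNT));
	return 0;
}
```

Only the length-based check rejects the 3-byte frame; the quoted condition lets it through whenever `status` is zero.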

