* [bug report] iwlwifi: mvm: use dev_coredumpsg()
@ 2016-11-14 11:20 Dan Carpenter
2016-11-14 12:51 ` Erenfeld, Aviya
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2016-11-14 11:20 UTC (permalink / raw)
To: aviya.erenfeld; +Cc: linux-wireless
Hello Aviya Erenfeld,
The patch 7e62a699aafb: "iwlwifi: mvm: use dev_coredumpsg()" from Sep
20, 2016, leads to the following static checker warning:
drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c:821 iwl_mvm_fw_error_dump()
error: we previously assumed 'fw_error_dump->trans_ptr' could be null (see line 809)
drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c
805 dump_trans_data:
806 fw_error_dump->trans_ptr = iwl_trans_dump_data(mvm->trans,
807 mvm->fw_dump_trig);
808 fw_error_dump->op_mode_len = file_len;
809 if (fw_error_dump->trans_ptr)
810 file_len += fw_error_dump->trans_ptr->len;
We assume ->trans_ptr can be NULL.
811 dump_file->file_len = cpu_to_le32(file_len);
812
813 sg_dump_data = alloc_sgtable(file_len);
That probably means file_len is zero? (didn't look). That means
sg_dump_data is ZERO_SIZE_PTR (16).
814 if (sg_dump_data) {
815 sg_pcopy_from_buffer(sg_dump_data,
816 sg_nents(sg_dump_data),
817 fw_error_dump->op_mode_ptr,
818 fw_error_dump->op_mode_len, 0);
819 sg_pcopy_from_buffer(sg_dump_data,
820 sg_nents(sg_dump_data),
821 fw_error_dump->trans_ptr->data,
Leading to an oops.
822 fw_error_dump->trans_ptr->len,
823 fw_error_dump->op_mode_len);
824 dev_coredumpsg(mvm->trans->dev, sg_dump_data, file_len,
825 GFP_KERNEL);
826 }
827 vfree(fw_error_dump->op_mode_ptr);
828 vfree(fw_error_dump->trans_ptr);
829 kfree(fw_error_dump);
830
831 out:
832 iwl_mvm_free_fw_dump_desc(mvm);
833 mvm->fw_dump_trig = NULL;
834 clear_bit(IWL_MVM_STATUS_DUMPING_FW_LOG, &mvm->status);
835 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
* RE: [bug report] iwlwifi: mvm: use dev_coredumpsg()
2016-11-14 11:20 [bug report] iwlwifi: mvm: use dev_coredumpsg() Dan Carpenter
@ 2016-11-14 12:51 ` Erenfeld, Aviya
0 siblings, 0 replies; 2+ messages in thread
From: Erenfeld, Aviya @ 2016-11-14 12:51 UTC (permalink / raw)
To: Dan Carpenter; +Cc: linux-wireless@vger.kernel.org, Berg, Johannes
Thanks,
Right, we already have a pending fix for that one.
Aviya
-----Original Message-----
From: Dan Carpenter [mailto:dan.carpenter@oracle.com]
Sent: Monday, November 14, 2016 13:21
To: Erenfeld, Aviya <aviya.erenfeld@intel.com>
Cc: linux-wireless@vger.kernel.org
Subject: [bug report] iwlwifi: mvm: use dev_coredumpsg()
Hello Aviya Erenfeld,
The patch 7e62a699aafb: "iwlwifi: mvm: use dev_coredumpsg()" from Sep 20, 2016, leads to the following static checker warning:
drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c:821 iwl_mvm_fw_error_dump()
error: we previously assumed 'fw_error_dump->trans_ptr' could be null (see line 809)
drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c
805 dump_trans_data:
806 fw_error_dump->trans_ptr = iwl_trans_dump_data(mvm->trans,
807 mvm->fw_dump_trig);
808 fw_error_dump->op_mode_len = file_len;
809 if (fw_error_dump->trans_ptr)
810 file_len += fw_error_dump->trans_ptr->len;
We assume ->trans_ptr can be NULL.
811 dump_file->file_len = cpu_to_le32(file_len);
812
813 sg_dump_data = alloc_sgtable(file_len);
That probably means file_len is zero? (didn't look). That means sg_dump_data is ZERO_SIZE_PTR (16).
814 if (sg_dump_data) {
815 sg_pcopy_from_buffer(sg_dump_data,
816 sg_nents(sg_dump_data),
817 fw_error_dump->op_mode_ptr,
818 fw_error_dump->op_mode_len, 0);
819 sg_pcopy_from_buffer(sg_dump_data,
820 sg_nents(sg_dump_data),
821 fw_error_dump->trans_ptr->data,
Leading to an oops.
822 fw_error_dump->trans_ptr->len,
823 fw_error_dump->op_mode_len);
824 dev_coredumpsg(mvm->trans->dev, sg_dump_data, file_len,
825 GFP_KERNEL);
826 }
827 vfree(fw_error_dump->op_mode_ptr);
828 vfree(fw_error_dump->trans_ptr);
829 kfree(fw_error_dump);
830
831 out:
832 iwl_mvm_free_fw_dump_desc(mvm);
833 mvm->fw_dump_trig = NULL;
834 clear_bit(IWL_MVM_STATUS_DUMPING_FW_LOG, &mvm->status);
835 }
regards,
dan carpenter
---------------------------------------------------------------------
A member of the Intel Corporation group of companies
This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-11-14 12:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-11-14 11:20 [bug report] iwlwifi: mvm: use dev_coredumpsg() Dan Carpenter
2016-11-14 12:51 ` Erenfeld, Aviya
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).