* re: ath6kl: pass only unicast frames for aggregation
From: Dan Carpenter @ 2011-10-05 5:59 UTC
To: Kalle Valo; +Cc: linux-wireless
Hi Kalle,
Smatch complains that 5694f962964 "ath6kl: pass only unicast frames
for aggregation"
drivers/net/wireless/ath/ath6kl/txrx.c
1241 if (conn && ar->intra_bss) {
1242 skb1 = skb;
1243 skb = NULL;
^^^^^^^^^^^
1244 } else if (conn && !ar->intra_bss) {
1245 dev_kfree_skb(skb);
1246 skb = NULL;
^^^^^^^^^^^
1247 }
1248 }
1249 if (skb1)
1250 ath6kl_data_tx(skb1, ar->net_dev);
1251 }
1252
1253 datap = (struct ethhdr *) skb->data;
^^^^^^^^^
skb can be NULL.
1254
regards,
dan carpenter

* Re: ath6kl: pass only unicast frames for aggregation
From: Kalle Valo @ 2011-10-05 10:09 UTC
To: Dan Carpenter; +Cc: linux-wireless, Malinen, Jouni

Hi Dan,

On 10/05/2011 08:59 AM, Dan Carpenter wrote:
> Smatch complains that 5694f962964 "ath6kl: pass only unicast frames
> for aggregation"
>
> drivers/net/wireless/ath/ath6kl/txrx.c
> 1241 if (conn && ar->intra_bss) {
> 1242 skb1 = skb;
> 1243 skb = NULL;
> ^^^^^^^^^^^
> 1244 } else if (conn && !ar->intra_bss) {
> 1245 dev_kfree_skb(skb);
> 1246 skb = NULL;
> ^^^^^^^^^^^
> 1247 }
> 1248 }
> 1249 if (skb1)
> 1250 ath6kl_data_tx(skb1, ar->net_dev);
> 1251 }
> 1252
> 1253 datap = (struct ethhdr *) skb->data;
> ^^^^^^^^^
> skb can be NULL.

Good catch, thanks! I should run smatch more, it's a really nice tool.

I think a fix like this would be appropriate. Jouni, what do you think?

(I have just copypasted the patch to thunderbird, I'm sure it's white
space damaged. Sorry about that.)

Kalle

--- a/drivers/net/wireless/ath/ath6kl/txrx.c +++ b/drivers/net/wireless/ath/ath6kl/txrx.c @@ -1247,6 +1247,10 @@ void ath6kl_rx(struct htc_target *target, struct htc_packet *packet) } if (skb1) ath6kl_data_tx(skb1, ar->net_dev); + + if (skb == NULL) + /* nothing to deliver up the stack */ + return; } datap = (struct ethhdr *) skb->data;
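
Review bot: The added `if (skb == NULL)` has a two-line body (a comment followed by `return;`) with no braces, so a statement later inserted above `return;` would become the only conditional statement and the return would then run unconditionally. Brace the body or move the comment onto the `return;` line, and consider `if (!skb)`, the more common kernel idiom. The placement, after the `if (skb1)` transmit and before the enclosing block closes, does cover both branches in the report that set `skb = NULL`, so as far as the quoted lines show, `datap = (struct ethhdr *) skb->data;` is no longer reached with a NULL skb from this block.
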

* Re: ath6kl: pass only unicast frames for aggregation
From: Jouni Malinen @ 2011-10-05 11:57 UTC
To: Kalle Valo; +Cc: Dan Carpenter, linux-wireless

On Wed, Oct 05, 2011 at 01:09:53PM +0300, Kalle Valo wrote:
> Good catch, thanks! I should run smatch more, it's a really nice tool.

This could have actually been found even before
5694f962964c5162f6b49ddb5d517180bd7d1d98 with more thorough static
analysis since an A-MSDU sent to ath6kl AP would have hit the NULL
pointer dereference in aggr_slice_amsdu(). Anyway, this new commit does
indeed seem to make this much more likely to hit the issue (any data
frame between two associated STAs).

> I think a fix like this would be appropriate. Jouni, what do you think?

> --- a/drivers/net/wireless/ath/ath6kl/txrx.c > +++ b/drivers/net/wireless/ath/ath6kl/txrx.c > @@ -1247,6 +1247,10 @@ void ath6kl_rx(struct htc_target *target, struct > htc_packet *packet) > } > if (skb1) > ath6kl_data_tx(skb1, ar->net_dev); > + > + if (skb == NULL) > + /* nothing to deliver up the stack */ > + return; > } > > datap = (struct ethhdr *) skb->data;

This looks like the correct behavior here. However, I would recommend
using braces around any multi-line conditional statement even if it
really is a comment and a single statement that would not, in theory,
require this in C language. Leaving those out here seems to be just
asking for problems should someone add something before the "return;"
line and not notice to add braces at that point. The same comment would
actually apply for the commit 5694f962964c5162f6b49ddb5d517180bd7d1d98,
too. If you want to avoid the extra line and braces, moving the comment
to the end of the return line would work for me.

--
Jouni Malinen PGP id EFC895FA

* Re: ath6kl: pass only unicast frames for aggregation
From: Kalle Valo @ 2011-10-06 11:27 UTC
To: Jouni Malinen; +Cc: Dan Carpenter, linux-wireless

On 10/05/2011 02:57 PM, Jouni Malinen wrote:
> On Wed, Oct 05, 2011 at 01:09:53PM +0300, Kalle Valo wrote:
>> Good catch, thanks! I should run smatch more, it's a really nice tool.
>
> This could have actually been found even before
> 5694f962964c5162f6b49ddb5d517180bd7d1d98 with more thorough static
> analysis since an A-MSDU sent to ath6kl AP would have hit the NULL
> pointer dereference in aggr_slice_amsdu(). Anyway, this new commit does
> indeed seem to make this much more likely to hit the issue (any data
> frame between two associated STAs).

Good point, I'll mention in the patch how severe this actually is.

>> I think a fix like this would be appropriate. Jouni, what do you think?
>
>> --- a/drivers/net/wireless/ath/ath6kl/txrx.c >> +++ b/drivers/net/wireless/ath/ath6kl/txrx.c 
>> @@ -1247,6 +1247,10 @@ void ath6kl_rx(struct htc_target *target, struct >> htc_packet *packet) >> } >> if (skb1) >> ath6kl_data_tx(skb1, ar->net_dev); >> + >> + if (skb == NULL) >> + /* nothing to deliver up the stack */ >> + return; >> } >> >> datap = (struct ethhdr *) skb->data;
>
>
> This looks like the correct behavior here. However, I would recommend
> using braces around any multi-line conditional statement even if it
> really is a comment and a single statement that would not, in theory,
> require this in C language. Leaving those out here seems to be just
> asking for problems should someone add something before the "return;"
> line and not notice to add braces at that point. The same comment would
> actually apply for the commit 5694f962964c5162f6b49ddb5d517180bd7d1d98,
> too. If you want to avoid the extra line and braces, moving the comment
> to the end of the return line would work for me.

I am used to not using braces even when there's a comment like here. But
you have a point and I'll change my style.

Thanks for checking this.

Kalle
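
The path analysis behind the Smatch report in this thread, as an added user-space example (not ath6kl code and not from any poster): it walks the forwarding decision quoted in the report and counts which combinations reach the header read with a NULL pointer, with and without the guard. All names (struct frame, rx_model, null_deref_paths) are hypothetical, and the real function's surrounding conditions are reduced to two flags as an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space stand-ins; none of these names are ath6kl's. */
struct frame { unsigned char data[14]; };
enum rx_result { RX_DELIVERED, RX_FORWARDED, RX_DROPPED, RX_NULL_DEREF };

/*
 * dst_is_sta models "conn" (destination is a station on this AP),
 * intra_bss models ar->intra_bss, with_guard selects the fixed flow.
 */
enum rx_result rx_model(int dst_is_sta, int intra_bss, int with_guard)
{
    struct frame *f = calloc(1, sizeof(*f)), *fwd = NULL;
    enum rx_result res = RX_DELIVERED;

    if (!f)
        abort();
    if (dst_is_sta && intra_bss) {
        fwd = f;                /* ownership moves to the transmit path */
        f = NULL;
        res = RX_FORWARDED;
    } else if (dst_is_sta && !intra_bss) {
        free(f);                /* frame dropped */
        f = NULL;
        res = RX_DROPPED;
    }
    if (fwd)
        free(fwd);              /* stands in for the transmit call */

    if (!f) {
        /* Guarded flow returns; unguarded flow would read f->data here. */
        return with_guard ? res : RX_NULL_DEREF;
    }
    (void)f->data[0];           /* the header read, safe only when f != NULL */
    free(f);                    /* stands in for delivery up the stack */
    return res;
}

/* Count (dst_is_sta, intra_bss) combinations that reach the read with NULL. */
int null_deref_paths(int with_guard)
{
    int n = 0;
    for (int sta = 0; sta <= 1; sta++)
        for (int bss = 0; bss <= 1; bss++)
            n += rx_model(sta, bss, with_guard) == RX_NULL_DEREF;
    return n;
}

int main(void)
{
    printf("without guard: %d of 4 paths, with guard: %d\n",
           null_deref_paths(0), null_deref_paths(1));
    return 0;
}
```

The unguarded case records the fault as RX_NULL_DEREF instead of performing the read, so the model can be run safely for every combination.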