linux-wireless.vger.kernel.org archive mirror
* re: NFC: HCI support
From: Dan Carpenter @ 2012-04-13 10:16 UTC
  To: eric.lapuyade; +Cc: linux-wireless

Hello Eric Lapuyade,

This is a semi-automatic email about new static checker warnings.

The patch 8b8d2e08bf0d: "NFC: HCI support" from Apr 10, 2012, leads 
to the following Smatch complaint:

net/nfc/hci/core.c:815 nfc_hci_recv_frame()
	 error: we previously assumed 'hcp_skb' could be null (see line 790)

net/nfc/hci/core.c
   789						     msg_len, GFP_KERNEL);
   790			if (hcp_skb == NULL) {
                            ^^^^^^^^^^^^^^^
New check.

   791				/* TODO ELa: cannot deliver HCP message. How to
   792				 * propagate error up?
   793				 */

If we can't allocate memory here, shouldn't we just drop the packet and
return?  The other layers can handle dropped packets.

   794			}
   795	
   796			*skb_put(hcp_skb, NFC_HCI_HCP_PACKET_HEADER_LEN) = pipe;
   797	
   798			skb_queue_walk(&hdev->rx_hcp_frags, frag_skb) {
   799				msg_len = frag_skb->len - NFC_HCI_HCP_PACKET_HEADER_LEN;
   800				memcpy(skb_put(hcp_skb, msg_len),
   801				       frag_skb->data + NFC_HCI_HCP_PACKET_HEADER_LEN,
   802				       msg_len);
   803			}
   804	
   805			skb_queue_purge(&hdev->rx_hcp_frags);
   806		} else {
   807			packet->header &= NFC_HCI_FRAGMENT;
   808			hcp_skb = skb;
   809		}
   810	
   811		/* if this is a response, dispatch immediately to
   812		 * unblock waiting cmd context. Otherwise, enqueue to dispatch
   813		 * in separate context where handler can also execute command.
   814		 */
   815		packet = (struct hcp_packet *)hcp_skb->data;
                                              ^^^^^^^^^^^^^
New dereference.

   816		type = HCP_MSG_GET_TYPE(packet->message.header);
   817		if (type == NFC_HCI_HCP_RESPONSE) {

regards,
dan carpenter



* Re: NFC: HCI support
From: Eric Lapuyade @ 2012-04-16 14:17 UTC
  To: Dan Carpenter; +Cc: eric.lapuyade, linux-wireless

Hi Dan,

Thank you for the report. Please see below my explanations.

Regards,

Eric

On 13/04/2012 12:16, Dan Carpenter wrote:
> Hello Eric Lapuyade,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 8b8d2e08bf0d: "NFC: HCI support" from Apr 10, 2012, leads
> to the following Smatch complaint:
>
> net/nfc/hci/core.c:815 nfc_hci_recv_frame()
> 	 error: we previously assumed 'hcp_skb' could be null (see line 790)
>
> net/nfc/hci/core.c
>     789						     msg_len, GFP_KERNEL);
>     790			if (hcp_skb == NULL) {
>                              ^^^^^^^^^^^^^^^
> New check.
>
>     791				/* TODO ELa: cannot deliver HCP message. How to
>     792				 * propagate error up?
>     793				 */
>
> If we can't allocate memory here, shouldn't we just drop the packet and
> return?  The other layers can handle dropped packets.

Actually, the higher level to which this frame is destined cannot handle lost packets. In the current case, the frame can contain a response to an outgoing command, or an event or a command from the chipset.
In case of the response, the upper layer would complete command execution with a timeout error. So basically it would work except the command would complete with an incorrect error indication which could be a problem if you try to understand why the chip didn't answer your command.
In case of an event, that could be a tag_discovered event for example. Events MUST be delivered, otherwise it would appear to the user as if the tag wasn't detected at all, with no indication that something failed.
In case of an incoming command, it would be no problem, the remote would time out on our response.

I will soon commit a new patch to purge the fragment list and return. This will remove the checker errors. I'll leave the TODO until we have designed a way for the upper layer to be notified.

>
>     794			}
>     795	
>     796			*skb_put(hcp_skb, NFC_HCI_HCP_PACKET_HEADER_LEN) = pipe;
>     797	
>     798			skb_queue_walk(&hdev->rx_hcp_frags, frag_skb) {
>     799				msg_len = frag_skb->len - NFC_HCI_HCP_PACKET_HEADER_LEN;
>     800				memcpy(skb_put(hcp_skb, msg_len),
>     801				       frag_skb->data + NFC_HCI_HCP_PACKET_HEADER_LEN,
>     802				       msg_len);
>     803			}
>     804	
>     805			skb_queue_purge(&hdev->rx_hcp_frags);
>     806		} else {
>     807			packet->header &= NFC_HCI_FRAGMENT;
>     808			hcp_skb = skb;
>     809		}
>     810	
>     811		/* if this is a response, dispatch immediately to
>     812		 * unblock waiting cmd context. Otherwise, enqueue to dispatch
>     813		 * in separate context where handler can also execute command.
>     814		 */
>     815		packet = (struct hcp_packet *)hcp_skb->data;
>                                                ^^^^^^^^^^^^^
> New dereference.
>
>     816		type = HCP_MSG_GET_TYPE(packet->message.header);
>     817		if (type == NFC_HCI_HCP_RESPONSE) {
>
> regards,
> dan carpenter
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
