[PATCH 2/10] ath10k: use safer test on the result of find_first_zero_bit
Julia Lawall
Julia.Lawall at lip6.fr
Wed Jun 4 02:07:52 PDT 2014
From: Julia Lawall <Julia.Lawall at lip6.fr>
Find_first_zero_bit considers BITS_PER_LONG bits at a time, and thus may
return a larger number than the maximum position argument if that position
is not a multiple of BITS_PER_LONG.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression e1,e2,e3;
statement S1,S2;
@@
e1 = find_first_zero_bit(e2,e3)
...
if (e1
- ==
+ >=
e3)
S1 else S2
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall at lip6.fr>
---
drivers/net/wireless/ath/ath10k/htt_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -u -p a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c
--- a/drivers/net/wireless/ath/ath10k/htt_tx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
@@ -64,7 +64,7 @@ int ath10k_htt_tx_alloc_msdu_id(struct a
msdu_id = find_first_zero_bit(htt->used_msdu_ids,
htt->max_num_pending_tx);
- if (msdu_id == htt->max_num_pending_tx)
+ if (msdu_id >= htt->max_num_pending_tx)
return -ENOBUFS;
ath10k_dbg(ATH10K_DBG_HTT, "htt tx alloc msdu_id %d\n", msdu_id);
More information about the ath10k
mailing list