[bug report] wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices
Dan Carpenter
error27 at gmail.com
Thu Feb 16 01:57:03 PST 2023
Hello Kalle Valo,
The patch d889913205cf: "wifi: ath12k: driver for Qualcomm Wi-Fi 7
devices" from Nov 28, 2022, leads to the following Smatch static
checker warning:
drivers/net/wireless/ath/ath12k/dp_rx.c:3254 ath12k_dp_rx_frag_h_mpdu() warn: missing error code here? 'ath12k_peer_find_by_id()' failed. 'ret' = '0'
drivers/net/wireless/ath/ath12k/dp_rx.c:3260 ath12k_dp_rx_frag_h_mpdu() warn: missing error code here? 'ath12k_dp_rx_h_defrag()' failed. 'ret' = '0'
drivers/net/wireless/ath/ath12k/dp_rx.c:3266 ath12k_dp_rx_frag_h_mpdu() warn: missing error code here? 'ath12k_dp_rx_h_defrag_reo_reinject()' failed. 'ret' = '0'
drivers/net/wireless/ath/ath12k/dp_rx.c
3161 static int ath12k_dp_rx_frag_h_mpdu(struct ath12k *ar,
3162 struct sk_buff *msdu,
3163 struct hal_reo_dest_ring *ring_desc)
3164 {
3165 struct ath12k_base *ab = ar->ab;
3166 struct hal_rx_desc *rx_desc;
3167 struct ath12k_peer *peer;
3168 struct ath12k_dp_rx_tid *rx_tid;
3169 struct sk_buff *defrag_skb = NULL;
3170 u32 peer_id;
3171 u16 seqno, frag_no;
3172 u8 tid;
3173 int ret = 0;
3174 bool more_frags;
3175
3176 rx_desc = (struct hal_rx_desc *)msdu->data;
3177 peer_id = ath12k_dp_rx_h_peer_id(ab, rx_desc);
3178 tid = ath12k_dp_rx_h_tid(ab, rx_desc);
3179 seqno = ath12k_dp_rx_h_seq_no(ab, rx_desc);
3180 frag_no = ath12k_dp_rx_h_frag_no(ab, msdu);
3181 more_frags = ath12k_dp_rx_h_more_frags(ab, msdu);
3182
3183 if (!ath12k_dp_rx_h_seq_ctrl_valid(ab, rx_desc) ||
3184 !ath12k_dp_rx_h_fc_valid(ab, rx_desc) ||
3185 tid > IEEE80211_NUM_TIDS)
3186 return -EINVAL;
3187
3188 /* received unfragmented packet in reo
3189 * exception ring, this shouldn't happen
3190 * as these packets typically come from
3191 * reo2sw srngs.
3192 */
3193 if (WARN_ON_ONCE(!frag_no && !more_frags))
3194 return -EINVAL;
3195
3196 spin_lock_bh(&ab->base_lock);
3197 peer = ath12k_peer_find_by_id(ab, peer_id);
3198 if (!peer) {
3199 ath12k_warn(ab, "failed to find the peer to de-fragment received fragment peer_id %d\n",
3200 peer_id);
3201 ret = -ENOENT;
3202 goto out_unlock;
3203 }
3204 rx_tid = &peer->rx_tid[tid];
3205
3206 if ((!skb_queue_empty(&rx_tid->rx_frags) && seqno != rx_tid->cur_sn) ||
3207 skb_queue_empty(&rx_tid->rx_frags)) {
3208 /* Flush stored fragments and start a new sequence */
3209 ath12k_dp_rx_frags_cleanup(rx_tid, true);
3210 rx_tid->cur_sn = seqno;
3211 }
3212
3213 if (rx_tid->rx_frag_bitmap & BIT(frag_no)) {
3214 /* Fragment already present */
3215 ret = -EINVAL;
3216 goto out_unlock;
3217 }
3218
3219 if (frag_no > __fls(rx_tid->rx_frag_bitmap))
3220 __skb_queue_tail(&rx_tid->rx_frags, msdu);
3221 else
3222 ath12k_dp_rx_h_sort_frags(ab, &rx_tid->rx_frags, msdu);
3223
3224 rx_tid->rx_frag_bitmap |= BIT(frag_no);
3225 if (!more_frags)
3226 rx_tid->last_frag_no = frag_no;
3227
3228 if (frag_no == 0) {
3229 rx_tid->dst_ring_desc = kmemdup(ring_desc,
3230 sizeof(*rx_tid->dst_ring_desc),
3231 GFP_ATOMIC);
3232 if (!rx_tid->dst_ring_desc) {
3233 ret = -ENOMEM;
3234 goto out_unlock;
3235 }
3236 } else {
3237 ath12k_dp_rx_link_desc_return(ab, ring_desc,
3238 HAL_WBM_REL_BM_ACT_PUT_IN_IDLE);
3239 }
3240
3241 if (!rx_tid->last_frag_no ||
3242 rx_tid->rx_frag_bitmap != GENMASK(rx_tid->last_frag_no, 0)) {
3243 mod_timer(&rx_tid->frag_timer, jiffies +
3244 ATH12K_DP_RX_FRAGMENT_TIMEOUT_MS);
error code?
3245 goto out_unlock;
3246 }
3247
3248 spin_unlock_bh(&ab->base_lock);
3249 del_timer_sync(&rx_tid->frag_timer);
3250 spin_lock_bh(&ab->base_lock);
3251
3252 peer = ath12k_peer_find_by_id(ab, peer_id);
3253 if (!peer)
--> 3254 goto err_frags_cleanup;
here?
3255
3256 if (!ath12k_dp_rx_h_defrag_validate_incr_pn(ar, rx_tid))
3257 goto err_frags_cleanup;
This definitely looks like an error path. Similar warning
in ath12k_reg_chan_list_event().
drivers/net/wireless/ath/ath12k/wmi.c:5195 ath12k_reg_chan_list_event() warn: missing error code here? 'ath12k_reg_build_regd()' failed. 'ret' = '0'
3258
3259 if (ath12k_dp_rx_h_defrag(ar, peer, rx_tid, &defrag_skb))
3260 goto err_frags_cleanup;
3261
3262 if (!defrag_skb)
3263 goto err_frags_cleanup;
3264
3265 if (ath12k_dp_rx_h_defrag_reo_reinject(ar, rx_tid, defrag_skb))
3266 goto err_frags_cleanup;
3267
3268 ath12k_dp_rx_frags_cleanup(rx_tid, false);
3269 goto out_unlock;
3270
3271 err_frags_cleanup:
3272 dev_kfree_skb_any(defrag_skb);
3273 ath12k_dp_rx_frags_cleanup(rx_tid, true);
3274 out_unlock:
3275 spin_unlock_bh(&ab->base_lock);
3276 return ret;
3277 }
regards,
dan carpenter
More information about the ath12k
mailing list