[bug report] wifi: ath12k: ath12k_dbring_buffer_release_event() is broken
Dan Carpenter
error27 at gmail.com
Thu Feb 16 05:59:10 PST 2023
Hello Kalle Valo,
The patch d889913205cf: "wifi: ath12k: driver for Qualcomm Wi-Fi 7
devices" from Nov 28, 2022, leads to the following Smatch static
checker warning:
drivers/net/wireless/ath/ath12k/dbring.c:281 ath12k_dbring_buffer_release_event()
error: bogus initialized NULL 'ring'.
drivers/net/wireless/ath/ath12k/dbring.c
/*
 * Handle a direct-buffer ring (dbring) buffer-release event.
 *
 * Validates the pdev id and the entry counts carried in @ev, then, for each
 * released entry, looks the buffer up by the id taken from its cookie, unmaps
 * it, hands it to ring->handler when one is set, and zeroes and replenishes
 * it.
 *
 * @ab: device context; supplies num_radios, pdevs[], pdevs_active[], hal, dev
 * @ev: release event; a fixed header plus buf_entry[] and meta_data[] arrays
 *
 * Return: 0 if the reap loop completes, -EINVAL for any rejected event.
 *
 * NOTE(review): in this listing 'ring' is only ever assigned NULL (lines 233
 * and 275), so the check at line 281 always fails and the function returns
 * -EINVAL for every module id, WMI_DIRECT_BUF_SPECTRAL included. Lines
 * 286-329 are unreachable as shown.
 */
230 int ath12k_dbring_buffer_release_event(struct ath12k_base *ab,
231 struct ath12k_dbring_buf_release_event *ev)
232 {
233 struct ath12k_dbring *ring = NULL;
234 struct hal_srng *srng;
235 struct ath12k *ar;
236 struct ath12k_dbring_element *buff;
237 struct ath12k_dbring_data handler_data;
238 struct ath12k_buffer_addr desc;
239 u8 *vaddr_unalign;
240 u32 num_entry, num_buff_reaped;
241 u8 pdev_idx, rbm;
242 u32 cookie;
243 int buf_id;
244 int size;
245 dma_addr_t paddr;
246 int ret = 0;
247
/*
 * pdev_idx is a u8 (line 241), so the converted 32-bit pdev_id is truncated
 * before the range check below.
 * NOTE(review): a pdev_id above 255 would be reduced modulo 256 and could
 * pass the check; comparing the full 32-bit value first would avoid that.
 */
248 pdev_idx = le32_to_cpu(ev->fixed.pdev_id);
249
250 if (pdev_idx >= ab->num_radios) {
251 ath12k_warn(ab, "Invalid pdev id %d\n", pdev_idx);
252 return -EINVAL;
253 }
254
/*
 * The buffer and metadata entry counts must match.
 * NOTE(review): the fields are compared and logged without the
 * le32_to_cpu() conversion that line 287 applies to num_buf_release_entry.
 */
255 if (ev->fixed.num_buf_release_entry !=
256 ev->fixed.num_meta_data_entry) {
257 ath12k_warn(ab, "Buffer entry %d mismatch meta entry %d\n",
258 ev->fixed.num_buf_release_entry,
259 ev->fixed.num_meta_data_entry);
260 return -EINVAL;
261 }
262
/* ar is fetched here, before the pdevs_active check made under RCU below. */
263 ar = ab->pdevs[pdev_idx].ar;
264
/* The RCU read section runs from here to the rcu_unlock label. */
265 rcu_read_lock();
266 if (!rcu_dereference(ab->pdevs_active[pdev_idx])) {
267 ret = -EINVAL;
268 goto rcu_unlock;
269 }
270
/*
 * Neither case assigns a ring: the spectral case only breaks and the default
 * case stores NULL and warns.
 * NOTE(review): module_id is switched on without le32_to_cpu(), unlike
 * pdev_id at line 248 - confirm the field's type.
 */
271 switch (ev->fixed.module_id) {
272 case WMI_DIRECT_BUF_SPECTRAL:
273 break;
274 default:
275 ring = NULL;
276 ath12k_warn(ab, "Recv dma buffer release ev on unsupp module %d\n",
277 ev->fixed.module_id);
278 break;
279 }
280
--> 281 if (!ring) {
"ring" is always NULL here.
282 ret = -EINVAL;
283 goto rcu_unlock;
284 }
285
/*
 * Everything from here to the rcu_unlock label dereferences ring, so it only
 * runs if a case above supplies a non-NULL ring.
 *
 * num_entry is taken from the event and bounds the indexing into
 * ev->buf_entry[] and ev->meta_data[] in the loop below. No check against
 * the event's actual length is visible in this function.
 * NOTE(review): confirm the caller validates the count before this runs.
 *
 * size presumably mirrors the allocation size of a dbring element; it is
 * used by the memset() at line 325 - verify against the allocator.
 */
286 srng = &ab->hal.srng_list[ring->refill_srng.ring_id];
287 num_entry = le32_to_cpu(ev->fixed.num_buf_release_entry);
288 size = sizeof(*buff) + ring->buf_sz + ring->buf_align - 1;
289 num_buff_reaped = 0;
290
/* srng->lock is held across the whole reap loop. */
291 spin_lock_bh(&srng->lock);
292
293 while (num_buff_reaped < num_entry) {
294 desc.info0 = ev->buf_entry[num_buff_reaped].paddr_lo;
295 desc.info1 = ev->buf_entry[num_buff_reaped].paddr_hi;
296 handler_data.meta = ev->meta_data[num_buff_reaped];
297
/* Counted before the lookup, so an entry skipped by 'continue' is still consumed. */
298 num_buff_reaped++;
299
300 ath12k_hal_rx_buf_addr_info_get(&desc, &paddr, &cookie, &rbm);
301
/* The buffer id comes from the cookie decoded out of the event's address words. */
302 buf_id = u32_get_bits(cookie, DP_RXDMA_BUF_COOKIE_BUF_ID);
303
/*
 * Look up and remove the buffer under idr_lock. An id with no entry in
 * bufs_idr is skipped without a warning.
 */
304 spin_lock_bh(&ring->idr_lock);
305 buff = idr_find(&ring->bufs_idr, buf_id);
306 if (!buff) {
307 spin_unlock_bh(&ring->idr_lock);
308 continue;
309 }
310 idr_remove(&ring->bufs_idr, buf_id);
311 spin_unlock_bh(&ring->idr_lock);
312
/* Unmapped with the address stored in buff, not the paddr decoded from the event. */
313 dma_unmap_single(ab->dev, buff->paddr, ring->buf_sz,
314 DMA_FROM_DEVICE);
315
/* The handler receives the payload pointer aligned to buf_align and a length of buf_sz. */
316 if (ring->handler) {
317 vaddr_unalign = buff->payload;
318 handler_data.data = PTR_ALIGN(vaddr_unalign,
319 ring->buf_align);
320 handler_data.data_sz = ring->buf_sz;
321
322 ring->handler(ar, &handler_data);
323 }
324
/*
 * Zero the element and hand it back for replenishing. GFP_ATOMIC is passed
 * while srng->lock is held; the replenish return value is not checked.
 */
325 memset(buff, 0, size);
326 ath12k_dbring_bufs_replenish(ar, ring, buff, GFP_ATOMIC);
327 }
328
329 spin_unlock_bh(&srng->lock);
330
/* Common exit: leaves the RCU read section on both the error and the normal path. */
331 rcu_unlock:
332 rcu_read_unlock();
333
334 return ret;
335 }
regards,
dan carpenter