[bug report] wifi: ath12k: strange memcpy()

Dan Carpenter error27 at gmail.com
Thu Feb 16 06:00:48 PST 2023 

Hello Kalle Valo,

The patch d889913205cf: "wifi: ath12k: driver for Qualcomm Wi-Fi 7
devices" from Nov 28, 2022, leads to the following Smatch static
checker warning:

	drivers/net/wireless/ath/ath12k/wmi.c:2737 ath12k_wmi_send_init_country_cmd()
	warn: not copying enough bytes for '&cmd->cc_info.alpha2' (4 vs 3 bytes)

drivers/net/wireless/ath/ath12k/wmi.c
    2715 int ath12k_wmi_send_init_country_cmd(struct ath12k *ar,
    2716                                      struct ath12k_wmi_init_country_arg *arg)
    2717 {
    2718         struct ath12k_wmi_pdev *wmi = ar->wmi;
    2719         struct wmi_init_country_cmd *cmd;
    2720         struct sk_buff *skb;
    2721         int ret;
    2722 
    2723         skb = ath12k_wmi_alloc_skb(wmi->wmi_ab, sizeof(*cmd));
    2724         if (!skb)
    2725                 return -ENOMEM;
    2726 
    2727         cmd = (struct wmi_init_country_cmd *)skb->data;
    2728         cmd->tlv_header =
    2729                 ath12k_wmi_tlv_cmd_hdr(WMI_TAG_SET_INIT_COUNTRY_CMD,
    2730                                        sizeof(*cmd));
    2731 
    2732         cmd->pdev_id = cpu_to_le32(ar->pdev->pdev_id);
    2733 
    2734         switch (arg->flags) {
    2735         case ALPHA_IS_SET:
    2736                 cmd->init_cc_type = WMI_COUNTRY_INFO_TYPE_ALPHA;
--> 2737                 memcpy(&cmd->cc_info.alpha2, arg->cc_info.alpha2, 3);

These are u32s, so it's strange to only copy 3 bytes.  It looks
intentional because of the 3, but it's still strange.

    2738                 break;
    2739         case CC_IS_SET:
    2740                 cmd->init_cc_type = cpu_to_le32(WMI_COUNTRY_INFO_TYPE_COUNTRY_CODE);
    2741                 cmd->cc_info.country_code =
    2742                         cpu_to_le32(arg->cc_info.country_code);
    2743                 break;
    2744         case REGDMN_IS_SET:
    2745                 cmd->init_cc_type = cpu_to_le32(WMI_COUNTRY_INFO_TYPE_REGDOMAIN);
    2746                 cmd->cc_info.regdom_id = cpu_to_le32(arg->cc_info.regdom_id);
    2747                 break;
    2748         default:
    2749                 ret = -EINVAL;
    2750                 goto out;
    2751         }
    2752 
    2753         ret = ath12k_wmi_cmd_send(wmi, skb,
    2754                                   WMI_SET_INIT_COUNTRY_CMDID);
    2755 
    2756 out:
    2757         if (ret) {
    2758                 ath12k_warn(ar->ab,
    2759                             "failed to send WMI_SET_INIT_COUNTRY CMD :%d\n",
    2760                             ret);
    2761                 dev_kfree_skb(skb);
    2762         }
    2763 
    2764         return ret;
    2765 }

regards,
dan carpenter

More information about the ath12k mailing list