[bug report] wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices
Dan Carpenter
dan.carpenter at linaro.org
Fri Jun 14 10:33:15 PDT 2024
Hello Kalle Valo,
Commit d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7
devices") from Nov 28, 2022 (linux-next), leads to the following
Smatch static checker warning:
drivers/net/wireless/ath/ath12k/ce.c:303 ath12k_ce_rx_post_pipe()
error: we previously assumed 'pipe->dest_ring' could be null (see line 278)
drivers/net/wireless/ath/ath12k/ce.c
271 static int ath12k_ce_rx_post_pipe(struct ath12k_ce_pipe *pipe)
272 {
273 struct ath12k_base *ab = pipe->ab;
274 struct sk_buff *skb;
275 dma_addr_t paddr;
276 int ret = 0;
277
278 if (!(pipe->dest_ring || pipe->status_ring))
This is the same as:
if (!pipe->dest_ring && !pipe->status_ring)
Imagine that ->dest_ring is NULL but ->status_ring isn't.
279 return 0;
280
281 spin_lock_bh(&ab->ce.ce_lock);
282 while (pipe->rx_buf_needed) {
283 skb = dev_alloc_skb(pipe->buf_sz);
284 if (!skb) {
285 ret = -ENOMEM;
286 goto exit;
287 }
288
289 WARN_ON_ONCE(!IS_ALIGNED((unsigned long)skb->data, 4));
290
291 paddr = dma_map_single(ab->dev, skb->data,
292 skb->len + skb_tailroom(skb),
293 DMA_FROM_DEVICE);
294 if (unlikely(dma_mapping_error(ab->dev, paddr))) {
295 ath12k_warn(ab, "failed to dma map ce rx buf\n");
296 dev_kfree_skb_any(skb);
297 ret = -EIO;
298 goto exit;
299 }
300
301 ATH12K_SKB_RXCB(skb)->paddr = paddr;
302
--> 303 ret = ath12k_ce_rx_buf_enqueue_pipe(pipe, skb, paddr);
^^^^
Unchecked dereference of pipe->dest_ring inside the function.
304 if (ret) {
305 ath12k_warn(ab, "failed to enqueue rx buf: %d\n", ret);
306 dma_unmap_single(ab->dev, paddr,
307 skb->len + skb_tailroom(skb),
308 DMA_FROM_DEVICE);
309 dev_kfree_skb_any(skb);
310 goto exit;
311 }
312 }
313
314 exit:
315 spin_unlock_bh(&ab->ce.ce_lock);
316 return ret;
317 }
regards,
dan carpenter
More information about the ath12k
mailing list