[bug report] wifi: ath12k: Move TX monitor functionality to Wi-Fi 7 module

Dan Carpenter dan.carpenter at linaro.org
Tue Dec 16 23:42:56 PST 2025 

Hello Alok Singh,

Commit 52758ff7b50a ("wifi: ath12k: Move TX monitor functionality to
Wi-Fi 7 module") from Nov 10, 2025 (linux-next), leads to the
following Smatch static checker warning:

	drivers/net/wireless/ath/ath12k/wifi7/dp_mon.c:2537 ath12k_wifi7_dp_mon_tx_parse_mon_status()
	error: uninitialized symbol 'num_user'.

drivers/net/wireless/ath/ath12k/wifi7/dp_mon.c
    2508 enum hal_rx_mon_status
    2509 ath12k_wifi7_dp_mon_tx_parse_mon_status(struct ath12k_pdev_dp *dp_pdev,
    2510                                         struct ath12k_mon_data *pmon,
    2511                                         struct sk_buff *skb,
    2512                                         struct napi_struct *napi,
    2513                                         u32 ppdu_id)
    2514 {
    2515         struct ath12k_dp *dp = dp_pdev->dp;
    2516         struct ath12k_base *ab = dp->ab;
    2517         struct dp_mon_tx_ppdu_info *tx_prot_ppdu_info, *tx_data_ppdu_info;
    2518         struct hal_tlv_hdr *tlv;
    2519         u8 *ptr = skb->data;
    2520         u16 tlv_tag;
    2521         u16 tlv_len;
    2522         u32 tlv_userid = 0;
    2523         u8 num_user;
    2524         u32 tlv_status = DP_MON_TX_STATUS_PPDU_NOT_DONE;
    2525 
    2526         tx_prot_ppdu_info =
    2527                 ath12k_wifi7_dp_mon_tx_get_ppdu_info(pmon, ppdu_id,
    2528                                                      DP_MON_TX_PROT_PPDU_INFO);
    2529         if (!tx_prot_ppdu_info)
    2530                 return -ENOMEM;
    2531 
    2532         tlv = (struct hal_tlv_hdr *)ptr;
    2533         tlv_tag = le32_get_bits(tlv->tl, HAL_TLV_HDR_TAG);
    2534 
    2535         tlv_status = ath12k_wifi7_dp_mon_tx_status_get_num_user(tlv_tag, tlv,
    2536                                                                 &num_user);
--> 2537         if (tlv_status == DP_MON_TX_STATUS_PPDU_NOT_DONE || !num_user)
    2538                 return -EINVAL;

You didn't really introduce this bug, the patch just moves code around
so the scripts mark it as a new bug again.  If the
ath12k_wifi7_dp_mon_tx_status_get_num_user() function returns
DP_MON_RX_RESPONSE_REQUIRED_INFO then "num_user" is uninitialized.
There is a comment which says this needs to be fixed:
	/* TODO: need to update *num_users */

    2539 
    2540         tx_data_ppdu_info =
    2541                 ath12k_wifi7_dp_mon_tx_get_ppdu_info(pmon, ppdu_id,
    2542                                                      DP_MON_TX_DATA_PPDU_INFO);
    2543         if (!tx_data_ppdu_info)
    2544                 return -ENOMEM;
    2545 
    2546         do {
    2547                 tlv = (struct hal_tlv_hdr *)ptr;
    2548                 tlv_tag = le32_get_bits(tlv->tl, HAL_TLV_HDR_TAG);
    2549                 tlv_len = le32_get_bits(tlv->tl, HAL_TLV_HDR_LEN);
    2550                 tlv_userid = le32_get_bits(tlv->tl, HAL_TLV_USR_ID);
    2551 
    2552                 tlv_status = ath12k_wifi7_dp_mon_tx_parse_status_tlv(ab, pmon,
    2553                                                                      tlv_tag, ptr,
    2554                                                                      tlv_userid);
    2555                 ptr += tlv_len;
    2556                 ptr = PTR_ALIGN(ptr, HAL_TLV_ALIGN);
    2557                 if ((ptr - skb->data) >= DP_TX_MONITOR_BUF_SIZE)
    2558                         break;
    2559         } while (tlv_status != DP_MON_TX_FES_STATUS_END);
    2560 
    2561         ath12k_wifi7_dp_mon_tx_process_ppdu_info(dp_pdev, napi, tx_data_ppdu_info);
    2562         ath12k_wifi7_dp_mon_tx_process_ppdu_info(dp_pdev, napi, tx_prot_ppdu_info);
    2563 
    2564         return tlv_status;
    2565 }

regards,
dan carpenter

More information about the ath12k mailing list