[bug report] mt76: add support for setting mcast rate

Dan Carpenter dan.carpenter at oracle.com
Tue Nov 16 03:33:21 PST 2021 

Hello Ryder Lee,

This is a semi-automatic email about new static checker warnings.

The patch 33920b2bf048: "mt76: add support for setting mcast rate"
from Jul 21, 2021, leads to the following Smatch complaint:

    drivers/net/wireless/mediatek/mt76/mt7921/mac.c:906 mt7921_mac_write_txwi()
    error: we previously assumed 'vif' could be null (see line 852)

drivers/net/wireless/mediatek/mt76/mt7921/mac.c
   851	
   852		if (vif) {
                    ^^^
At the start of the function it assumes that "vif" can be NULL

   853			struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
   854	
   855			omac_idx = mvif->omac_idx;
   856			wmm_idx = mvif->wmm_idx;
   857		}
   858	
   859		if (beacon) {
   860			p_fmt = MT_TX_TYPE_FW;
   861			q_idx = MT_LMAC_BCN0;
   862		} else if (skb_get_queue_mapping(skb) >= MT_TXQ_PSD) {
   863			p_fmt = is_mmio ? MT_TX_TYPE_CT : MT_TX_TYPE_SF;
   864			q_idx = MT_LMAC_ALTX0;
   865		} else {
   866			p_fmt = is_mmio ? MT_TX_TYPE_CT : MT_TX_TYPE_SF;
   867			q_idx = wmm_idx * MT7921_MAX_WMM_SETS +
   868				mt7921_lmac_mapping(dev, skb_get_queue_mapping(skb));
   869		}
   870	
   871		val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len + sz_txd) |
   872		      FIELD_PREP(MT_TXD0_PKT_FMT, p_fmt) |
   873		      FIELD_PREP(MT_TXD0_Q_IDX, q_idx);
   874		txwi[0] = cpu_to_le32(val);
   875	
   876		val = MT_TXD1_LONG_FORMAT |
   877		      FIELD_PREP(MT_TXD1_WLAN_IDX, wcid->idx) |
   878		      FIELD_PREP(MT_TXD1_OWN_MAC, omac_idx);
   879	
   880		txwi[1] = cpu_to_le32(val);
   881		txwi[2] = 0;
   882	
   883		val = FIELD_PREP(MT_TXD3_REM_TX_COUNT, tx_count);
   884		if (key)
   885			val |= MT_TXD3_PROTECT_FRAME;
   886		if (info->flags & IEEE80211_TX_CTL_NO_ACK)
   887			val |= MT_TXD3_NO_ACK;
   888	
   889		txwi[3] = cpu_to_le32(val);
   890		txwi[4] = 0;
   891	
   892		val = FIELD_PREP(MT_TXD5_PID, pid);
   893		if (pid >= MT_PACKET_ID_FIRST)
   894			val |= MT_TXD5_TX_STATUS_HOST;
   895		txwi[5] = cpu_to_le32(val);
   896	
   897		txwi[6] = 0;
   898		txwi[7] = wcid->amsdu ? cpu_to_le32(MT_TXD7_HW_AMSDU) : 0;
   899	
   900		if (is_8023)
   901			mt7921_mac_write_txwi_8023(dev, txwi, skb, wcid);
   902		else
   903			mt7921_mac_write_txwi_80211(dev, txwi, skb, key);
   904	
   905		if (txwi[2] & cpu_to_le32(MT_TXD2_FIX_RATE)) {
   906			int rateidx = ffs(vif->bss_conf.basic_rates) - 1;
                                          ^^^^^
But the patch adds a new unchecked dereference

   907			u16 rate, mode;
   908	

regards,
dan carpenter

More information about the Linux-mediatek mailing list