[bug report] wifi: mt76: fix race condition related to checking tx queue fill status
Dan Carpenter
dan.carpenter at linaro.org
Thu Oct 12 02:43:09 PDT 2023
Hello Felix Fietkau,
The patch 0335c034e726: "wifi: mt76: fix race condition related to
checking tx queue fill status" from Aug 29, 2023 (linux-next), leads
to the following Smatch static checker warning:
drivers/net/wireless/mediatek/mt76/tx.c:348 mt76_tx()
error: we previously assumed 'wcid' could be null (see line 342)
drivers/net/wireless/mediatek/mt76/tx.c
    338
    339         if (WARN_ON(skb_get_queue_mapping(skb) >= MT_TXQ_PSD))
    340                 skb_set_queue_mapping(skb, MT_TXQ_BE);
    341
    342         if (wcid && !(wcid->tx_info & MT_WCID_TX_INFO_SET))
                    ^^^^
This assumes wcid can be NULL

    343                 ieee80211_get_tx_rates(info->control.vif, sta, skb,
    344                                        info->control.rates, 1);
    345
    346         info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, phy->band_idx);
    347
--> 348         spin_lock_bh(&wcid->tx_pending.lock);
                              ^^^^^^^
Unchecked dereference

    349         __skb_queue_tail(&wcid->tx_pending, skb);
    350         spin_unlock_bh(&wcid->tx_pending.lock);
    351
    352         spin_lock_bh(&phy->tx_lock);
    353         if (list_empty(&wcid->tx_list))
    354                 list_add_tail(&wcid->tx_list, &phy->tx_list);
    355         spin_unlock_bh(&phy->tx_lock);
    356
    357         mt76_worker_schedule(&phy->dev->tx_worker);
    358 }

regards,
dan carpenter
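
The inconsistent NULL check that Smatch flags above, reduced to a userspace C model next to a form that decides about NULL once before any use. This is an added example, not code from the report or from the mt76 driver. The struct, the function names and the reject-on-NULL policy are assumptions; the report does not say how a NULL wcid should be handled.

```c
#include <stddef.h>

#define TX_INFO_SET 0x1u   /* stands in for MT_WCID_TX_INFO_SET */

struct pkt { struct pkt *next; int rates_filled; };

/* Constructed model of the per-station state; not the driver's struct. */
struct wcid_model {
    unsigned int tx_info;
    struct pkt *head, *tail;   /* stands in for the tx_pending queue */
    size_t pending;
};

static void enqueue(struct wcid_model *w, struct pkt *p)
{
    p->next = NULL;
    if (w->tail)
        w->tail->next = p;
    else
        w->head = p;
    w->tail = p;
    w->pending++;
}

/* Shape of the flagged code: wcid is tested once, then used untested. */
int tx_inconsistent(struct wcid_model *wcid, struct pkt *p)
{
    if (wcid && !(wcid->tx_info & TX_INFO_SET))
        p->rates_filled = 1;
    enqueue(wcid, p);          /* dereferences wcid even when it is NULL */
    return 0;
}

/* Consistent form: one decision about NULL, made before any use. */
int tx_consistent(struct wcid_model *wcid, struct pkt *p)
{
    if (!wcid)
        return -1;             /* assumed policy: reject the packet */
    if (!(wcid->tx_info & TX_INFO_SET))
        p->rates_filled = 1;
    enqueue(wcid, p);
    return 0;
}

int main(void)
{
    struct pkt p = {0};
    return tx_consistent(NULL, &p) == -1 ? 0 : 1;
}
```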