ath10k: replace vdev_id and tid in skb cb
Michal Kazior
michal.kazior at tieto.com
Thu Dec 10 05:18:11 PST 2015
On 9 December 2015 at 11:49, Dan Carpenter <dan.carpenter at oracle.com> wrote:
> Hello Michal Kazior,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 609db229b42f: "ath10k: replace vdev_id and tid in skb cb"
> from Nov 18, 2015, leads to the following Smatch complaint:
>
> drivers/net/wireless/ath/ath10k/htt_tx.c:450 ath10k_htt_tx_get_vdev_id()
> warn: variable dereferenced before check 'cb->vif' (see line 446)
>
> drivers/net/wireless/ath/ath10k/htt_tx.c
> 445 struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
> 446 struct ath10k_vif *arvif = (void *)cb->vif->drv_priv;
> ^^^^^^^^^
> Dereference.
>
> 447
> 448 if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN)
> 449 return ar->scan.vdev_id;
> 450 else if (cb->vif)
> ^^^^^^^
> Checked too late.
This is a false positive.
The drv_priv is a 0-len/dynamic array at the end of ieee80211_vif
struct. The cb->vif->drv_priv expression should be expanded to a mere
(cb->vif)+offsetof(drv_priv) which isn't a dereference per se.
Michał
More information about the ath10k
mailing list