[bug report] ath10k: abstract htt_rx_desc structure
Dan Carpenter
dan.carpenter at oracle.com
Tue Feb 1 05:09:00 PST 2022
Hello Francesco Magliocca,
The patch 6bae9de622d3: "ath10k: abstract htt_rx_desc structure" from
Jan 12, 2022, leads to the following Smatch static checker warning:
drivers/net/wireless/ath/ath10k/htt_rx.c:432 ath10k_htt_rx_amsdu_pop()
warn: potential pointer math issue ('rx_desc' is a 32 bit pointer)
drivers/net/wireless/ath/ath10k/htt_rx.c
346 static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,
347 struct sk_buff_head *amsdu)
348 {
349 struct ath10k *ar = htt->ar;
350 struct ath10k_hw_params *hw = &ar->hw_params;
351 int msdu_len, msdu_chaining = 0;
352 struct sk_buff *msdu;
353 struct htt_rx_desc *rx_desc;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
354 struct rx_attention *rx_desc_attention;
355 struct rx_frag_info_common *rx_desc_frag_info_common;
356 struct rx_msdu_start_common *rx_desc_msdu_start_common;
357 struct rx_msdu_end_common *rx_desc_msdu_end_common;
358
[ snip ]
427
428 last_msdu = __le32_to_cpu(rx_desc_msdu_end_common->info0) &
429 RX_MSDU_END_INFO0_LAST_MSDU;
430
431 /* FIXME: why are we skipping the first part of the rx_desc? */
--> 432 trace_ath10k_htt_rx_desc(ar, rx_desc + sizeof(u32),
^^^^^^^^^^^^^^^^^^^^^
This is a pointer math bug. It's possible that it should be:
trace_ath10k_htt_rx_desc(ar, (u8 *)rx_desc + sizeof(u32),
But as your FIXME notes, it's hard to tell what's going on here...
433 hw->rx_desc_ops->rx_desc_size - sizeof(u32));
434
435 if (last_msdu)
436 break;
437 }
regards,
dan carpenter
More information about the ath10k
mailing list