| Message ID | 20240229084031.51957-1-dmantipov@yandex.ru |
|---|---|
| State | New |
| Headers | show |
| Series | [1/3,v2] wifi: ath11k: use ath11k_mac_get_ar_by_pdev_id() consistently | expand |
On 2/29/2024 12:40 AM, Dmitry Antipov wrote: > In 'ath11k_mac_op_remain_on_channel()', add fallback default to > handle an unknown scan state with -EINVAL. Compile tested only. > > Initially found by Linux Verification Center (linuxtesting.org) > with SVACE (and reported as an attempt to use uninitialized > variable). > > Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com> > Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> > --- > v2: prefer fallback branch over dummy initializer (Jeff Johnson) > --- > drivers/net/wireless/ath/ath11k/mac.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c > index a6a37d67a50a..47d3d5fd0423 100644 > --- a/drivers/net/wireless/ath/ath11k/mac.c > +++ b/drivers/net/wireless/ath/ath11k/mac.c > @@ -9224,6 +9224,11 @@ static int ath11k_mac_op_remain_on_channel(struct ieee80211_hw *hw, > case ATH11K_SCAN_ABORTING: > ret = -EBUSY; > break; > + default: > + ath11k_warn(ar->ab, "%s: unexpected scan state: %d\n", > + __func__, ar->scan.state); again let's wait for Kalle to comment on use of __func__ > + ret = -EINVAL; > + break; > } > spin_unlock_bh(&ar->data_lock); >
diff --git a/drivers/net/wireless/ath/ath11k/wmi.c b/drivers/net/wireless/ath/ath11k/wmi.c index 34ab9631ff36..2d93e4e78a37 100644 --- a/drivers/net/wireless/ath/ath11k/wmi.c +++ b/drivers/net/wireless/ath/ath11k/wmi.c @@ -6498,6 +6498,12 @@ static int ath11k_wmi_tlv_rssi_chain_parse(struct ath11k_base *ab, rcu_read_lock(); ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id); + if (!ar) { + ath11k_warn(ab, "%s: invalid pdev_id %d\n", + __func__, ev->pdev_id); + ret = -EINVAL; + goto exit; + } stats->stats_id = WMI_REQUEST_RSSI_PER_CHAIN_STAT; ath11k_dbg(ab, ATH11K_DBG_WMI, @@ -6570,6 +6576,12 @@ static int ath11k_wmi_tlv_fw_stats_data_parse(struct ath11k_base *ab, rcu_read_lock(); ar = ath11k_mac_get_ar_by_pdev_id(ab, ev->pdev_id); + if (!ar) { + ath11k_warn(ab, "%s: invalid pdev_id %d\n", + __func__, ev->pdev_id); + ret = -EINVAL; + goto exit; + } for (i = 0; i < ev->num_pdev_stats; i++) { const struct wmi_pdev_stats *src;
Since 'ath11k_mac_get_ar_by_pdev_id()' can return NULL, check the return value in 'ath11k_wmi_tlv_rssi_chain_parse()' as well as in 'ath11k_wmi_tlv_fw_stats_data_parse()', and return -EINVAL in case of error. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> --- v2: aggregate to the series --- drivers/net/wireless/ath/ath11k/wmi.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)