:::::: 
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check warning: 
drivers/net/wireless/ath/ath11k/dp_rx.c:4960:24: warning: use of uninitialized 
value 'prev_buf' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]"
:::::: 

BCC: [email protected]
CC: [email protected]
CC: [email protected]
TO: Anilkumar Kolli <[email protected]>
CC: Kalle Valo <[email protected]>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 
master
head:   ce888220d5c7a805e0e155302a318d5d23e62950
commit: 7e2ea2e947046834a450295dfd328adb70a9f864 ath11k: Process full monitor 
mode rx support
date:   9 months ago
:::::: branch date: 13 hours ago
:::::: commit date: 9 months ago
config: arm-randconfig-c002-20220908 
(https://download.01.org/0day-ci/archive/20220910/[email protected]/config)
compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
        wget 
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O 
~/bin/make.cross
        chmod +x ~/bin/make.cross
        # 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e2ea2e947046834a450295dfd328adb70a9f864
        git remote add linus 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 7e2ea2e947046834a450295dfd328adb70a9f864
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross 
ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' 

If you fix the issue, kindly add the following tag where applicable
Reported-by: kernel test robot <[email protected]>

gcc_analyzer warnings: (new ones prefixed by >>)
   drivers/net/wireless/ath/ath11k/dp_rx.c: In function 
'ath11k_dp_rx_mon_merg_msdus':
>> drivers/net/wireless/ath/ath11k/dp_rx.c:4960:24: warning: use of 
>> uninitialized value 'prev_buf' [CWE-457] 
>> [-Wanalyzer-use-of-uninitialized-value]
    4960 |                 dest = skb_put(prev_buf, HAL_RX_FCS_LEN);
         |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     'ath11k_dp_rx_pktlog_stop': events 1-2
       |
       | 5616 | int ath11k_dp_rx_pktlog_stop(struct ath11k_base *ab, bool 
stop_timer)
       |      |     ^~~~~~~~~~~~~~~~~~~~~~~~
       |      |     |
       |      |     (1) entry to 'ath11k_dp_rx_pktlog_stop'
       |......
       | 5624 |         ret = ath11k_dp_purge_mon_ring(ab);
       |      |               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       |      |               |
       |      |               (2) calling 'ath11k_dp_purge_mon_ring' from 
'ath11k_dp_rx_pktlog_stop'
       |
       +--> 'ath11k_dp_purge_mon_ring': events 3-6
              |
              |  313 | static int ath11k_dp_purge_mon_ring(struct ath11k_base 
*ab)
              |      |            ^~~~~~~~~~~~~~~~~~~~~~~~
              |      |            |
              |      |            (3) entry to 'ath11k_dp_purge_mon_ring'
              |......
              |  319 |                 for (i = 0; i < 
ab->hw_params.num_rxmda_per_pdev; i++)
              |      |                             
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              |      |                               |
              |      |                               (4) following 'true' 
branch...
              |  320 |                         reaped += 
ath11k_dp_rx_process_mon_rings(ab, i,
              |      |                                   
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              |      |                                   |
              |      |                                   (5) ...to here
              |      |                                   (6) calling 
'ath11k_dp_rx_process_mon_rings' from 'ath11k_dp_purge_mon_ring'
              |  321 |                                                          
        NULL,
              |      |                                                          
        ~~~~~
              |  322 |                                                          
        DP_MON_SERVICE_BUDGET);
              |      |                                                          
        ~~~~~~~~~~~~~~~~~~~~~~
              |
              +--> 'ath11k_dp_rx_process_mon_rings': events 7-9
                     |
                     | 5518 | int ath11k_dp_rx_process_mon_rings(struct 
ath11k_base *ab, int mac_id,
                     |      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                     |      |     |
                     |      |     (7) entry to 'ath11k_dp_rx_process_mon_rings'
                     |......
                     | 5524 |         if (test_bit(ATH11K_FLAG_MONITOR_STARTED, 
&ar->monitor_flags) &&
                     |      |            ~
                     |      |            |
                     |      |            (8) following 'true' branch...
                     | 5525 |             ab->hw_params.full_monitor_mode)
                     |      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                     |      |                          |
                     |      |                          (9) ...to here
                     |
                   'ath11k_dp_rx_process_mon_rings': events 10-12
                     |
                     | 5524 |         if (test_bit(ATH11K_FLAG_MONITOR_STARTED, 
&ar->monitor_flags) &&
                     | 5525 |             ab->hw_params.full_monitor_mode)
                     | 5526 |                 ret = 
ath11k_dp_full_mon_process_rx(ab, mac_id, napi, budget);
                     |      |                       
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                     |      |                       |
                     |      |                       (11) ...to here
                     |      |                       (12) calling 
'ath11k_dp_full_mon_process_rx' from 'ath11k_dp_rx_process_mon_rings'
                     |
                     +--> 'ath11k_dp_full_mon_process_rx': events 13-14
                            |
                            | 5418 | static int 
ath11k_dp_full_mon_process_rx(struct ath11k_base *ab, int mac_id,
                            |      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                            |      |            |
                            |      |            (13) entry to 
'ath11k_dp_full_mon_process_rx'
                            |......
                            | 5496 |         quota = 
ath11k_dp_rx_process_full_mon_status_ring(ab, mac_id,
                            |      |                 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                            |      |                 |
                            |      |                 (14) calling 
'ath11k_dp_rx_process_full_mon_status_ring' from 'ath11k_dp_full_mon_process_rx'
                            | 5497 |                                            
               napi, budget);
                            |      |                                            
               ~~~~~~~~~~~~~
                            |
                            +--> 'ath11k_dp_rx_process_full_mon_status_ring': 
events 15-20
                                   |
                                   | 5376 | 
ath11k_dp_rx_process_full_mon_status_ring(struct ath11k_base *ab, int mac_id,
                                   |      | 
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                   |      | |
                                   |      | (15) entry to 
'ath11k_dp_rx_process_full_mon_status_ring'
                                   |......
                                   | 5387 |         while 
(pmon->hold_mon_dst_ring) {
                                   |      |                ~~~~
                                   |      |                |
                                   |      |                (16) following 
'true' branch...
                                   | 5388 |                 quota = 
ath11k_dp_rx_process_mon_status(ab, mac_id,
                                   |      |                         
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                   |      |                         |
                                   |      |                         (17) ...to 
here
                                   | 5389 |                                     
                    napi, 1);
                                   |      |                                     
                    ~~~~~~~~
                                   | 5390 |                 if (pmon->buf_state 
== DP_MON_STATUS_MATCH) {
                                   |      |                    ~
                                   |      |                    |
                                   |      |                    (18) following 
'true' branch...
                                   | 5391 |                         count = 
sw_mon_entries->status_buf_count;
                                   |      |                                 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                   |      |                                     
          |
                                   |      |                                     
          (19) ...to here

vim +/prev_buf +4960 drivers/net/wireless/ath/ath11k/dp_rx.c

/*
 * ath11k_dp_rx_mon_merg_msdus() - walk the ->next chain of monitor-mode MSDU
 * skbs starting at @head_msdu and fix up each buffer according to the decap
 * type read from the head buffer's rx descriptor.
 *
 * Listing of drivers/net/wireless/ath/ath11k/dp_rx.c lines 4874-4979 as quoted
 * in the report; the per-line blame columns are folded into the notes below.
 *
 * @ar:        radio context; ar->ab is handed to the descriptor helpers.
 * @mac_id:    not referenced anywhere in this body.
 * @head_msdu: first skb of the chain; a NULL value yields a NULL return.
 * @last_msdu: not referenced anywhere in this body.
 * @rxs:       rx status passed to ath11k_dp_rx_h_ppdu() with the head descriptor.
 * @fcs_err:   set to true when the MPDU error bitmap contains
 *             DP_RX_MPDU_ERR_FCS; this function never writes false, so the
 *             caller presumably initialises it - TODO confirm.
 *
 * Return: @head_msdu on success; NULL when @head_msdu is NULL, when
 * ath11k_dp_rxdesc_get_mpdulen_err() is non-zero, when the decap type is
 * neither RAW nor NATIVE_WIFI, or when skb_push()/skb_put() yields NULL.
 */
static struct sk_buff *
ath11k_dp_rx_mon_merg_msdus(struct ath11k *ar,
			    u32 mac_id, struct sk_buff *head_msdu,
			    struct sk_buff *last_msdu,
			    struct ieee80211_rx_status *rxs, bool *fcs_err)
{
	struct ath11k_base *ab = ar->ab;
	/*
	 * prev_buf has no initializer. It is the variable named in the
	 * -Wanalyzer-use-of-uninitialized-value (CWE-457) warning; the report's
	 * blame column attributes this declaration line to 7210b4b77fe476.
	 */
	struct sk_buff *msdu, *prev_buf;
	u32 wifi_hdr_len;
	struct hal_rx_desc *rx_desc;
	char *hdr_desc;
	u8 *dest, decap_format;
	struct ieee80211_hdr_3addr *wh;
	struct rx_attention *rx_attention;
	u32 err_bitmap;

	/* From here on head_msdu is non-NULL; it is never reassigned below. */
	if (!head_msdu)
		goto err_merge_fail;

	/* The skb data is reinterpreted as the hardware rx descriptor. */
	rx_desc = (struct hal_rx_desc *)head_msdu->data;
	rx_attention = ath11k_dp_rx_get_attention(ab, rx_desc);
	err_bitmap = ath11k_dp_rx_h_attn_mpdu_err(rx_attention);

	if (err_bitmap & DP_RX_MPDU_ERR_FCS)
		*fcs_err = true;

	/* Early exit: *fcs_err may already have been set at this point. */
	if (ath11k_dp_rxdesc_get_mpdulen_err(rx_attention))
		return NULL;

	decap_format = ath11k_dp_rx_h_msdu_start_decap_type(ab, rx_desc);

	ath11k_dp_rx_h_ppdu(ar, rx_desc, rxs);

	if (decap_format == DP_RX_DECAP_TYPE_RAW) {
		ath11k_dp_rx_msdus_set_payload(ar, head_msdu);

		/* RAW path: prev_buf is assigned before the loop, so it is
		 * always defined even for a single-buffer chain.
		 */
		prev_buf = head_msdu;
		msdu = head_msdu->next;

		while (msdu) {
			ath11k_dp_rx_msdus_set_payload(ar, msdu);

			prev_buf = msdu;
			msdu = msdu->next;
		}

		prev_buf->next = NULL;

		/*
		 * NOTE(review): no check is visible here that prev_buf->len is
		 * at least HAL_RX_FCS_LEN before the unsigned subtraction -
		 * confirm how a shorter last buffer is handled.
		 */
		skb_trim(prev_buf, prev_buf->len - HAL_RX_FCS_LEN);
	} else if (decap_format == DP_RX_DECAP_TYPE_NATIVE_WIFI) {
		/* qos_field is only read when qos_pkt is 1, i.e. after it was
		 * assigned in the ieee80211_is_data_qos() branch below.
		 */
		__le16 qos_field;
		u8 qos_pkt = 0;

		rx_desc = (struct hal_rx_desc *)head_msdu->data;
		hdr_desc = ath11k_dp_rxdesc_get_80211hdr(ab, rx_desc);

		/* Base size */
		wifi_hdr_len = sizeof(struct ieee80211_hdr_3addr);
		wh = (struct ieee80211_hdr_3addr *)hdr_desc;

		if (ieee80211_is_data_qos(wh->frame_control)) {
			struct ieee80211_qos_hdr *qwh =
					(struct ieee80211_qos_hdr *)hdr_desc;

			qos_field = qwh->qos_ctrl;
			qos_pkt = 1;
		}
		/*
		 * Unlike the RAW branch, prev_buf is assigned only inside the
		 * loop. msdu starts as head_msdu, which was checked non-NULL at
		 * function entry, so the loop body runs at least once.
		 */
		msdu = head_msdu;

		while (msdu) {
			rx_desc = (struct hal_rx_desc *)msdu->data;
			hdr_desc = ath11k_dp_rxdesc_get_80211hdr(ab, rx_desc);

			if (qos_pkt) {
				dest = skb_push(msdu, sizeof(__le16));
				if (!dest)
					goto err_merge_fail;
				/*
				 * NOTE(review): the two copies write
				 * wifi_hdr_len + sizeof(__le16) bytes from dest,
				 * while skb_push() grew the data area by only
				 * sizeof(__le16); the remainder lands on bytes
				 * already in the skb. No length check on msdu is
				 * visible here - confirm the overlap is intended
				 * and the buffer is always long enough.
				 */
				memcpy(dest, hdr_desc, wifi_hdr_len);
				memcpy(dest + wifi_hdr_len,
				       (u8 *)&qos_field, sizeof(__le16));
			}
			ath11k_dp_rx_msdus_set_payload(ar, msdu);
			prev_buf = msdu;
			msdu = msdu->next;
		}
		/*
		 * dp_rx.c:4960 - the line flagged by the analyzer.
		 * NOTE(review): from this listing every route here has executed
		 * the loop body at least once, so prev_buf is assigned and the
		 * warning looks like a false positive (the report is itself
		 * marked low confidence) - confirm against the full analyzer
		 * trace. Assigning prev_buf = head_msdu before the loop, as the
		 * RAW branch does, would make the invariant explicit.
		 * NOTE(review): tailroom for HAL_RX_FCS_LEN is not checked in
		 * this listing; confirm whether skb_put() can return NULL at all
		 * or whether this check is dead code.
		 */
		dest = skb_put(prev_buf, HAL_RX_FCS_LEN);
		if (!dest)
			goto err_merge_fail;

		/* %pK prints the skb pointer subject to the kernel's
		 * pointer-restriction policy rather than as a raw address.
		 */
		ath11k_dbg(ab, ATH11K_DBG_DATA,
			   "mpdu_buf %pK mpdu_buf->len %u",
			   prev_buf, prev_buf->len);
	} else {
		ath11k_dbg(ab, ATH11K_DBG_DATA,
			   "decap format %d is not supported!\n",
			   decap_format);
		goto err_merge_fail;
	}

	return head_msdu;

	/* Failure paths only return NULL; no skb is freed in this function. */
err_merge_fail:
	return NULL;
}

:::::: The code at line 4960 was first introduced by commit
:::::: d5c65159f2895379e11ca13f62feabe93278985d ath11k: driver for Qualcomm 
IEEE 802.11ax devices

:::::: TO: Kalle Valo <[email protected]>
:::::: CC: Kalle Valo <[email protected]>

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp