Hi wireless devs,
The patch 04f39047af2a: "nl80211/cfg80211: add radar detection
command/event" from Feb 8, 2013, leads to the following static
checker warning:
net/wireless/chan.c:250 cfg80211_set_chans_dfs_state()
warn: 'center_freq + bandwidth / 2 - 10' negative user limit promoted
to high
net/wireless/chan.c
242 static void cfg80211_set_chans_dfs_state(struct wiphy *wiphy, u32
center_freq,
243 u32 bandwidth,
244 enum nl80211_dfs_state
dfs_state)
245 {
246 struct ieee80211_channel *c;
247 u32 freq;
248
249 for (freq = center_freq - bandwidth/2 + 10;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
250 freq <= center_freq + bandwidth/2 - 10;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This isn't really a big issue but center_freq comes from
nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]) in nl80211_parse_chandef().
Smatch is complaining that there is an issue with the math
over/underflowing. It just means that we loop for a long time. It's
not a security problem. Even without the overflow, we could end up
looping for a long time.
Is center_freq capped somewhere that I haven't seen?
251 freq += 20) {
252 c = ieee80211_get_channel(wiphy, freq);
253 if (!c || !(c->flags & IEEE80211_CHAN_RADAR))
254 continue;
255
256 c->dfs_state = dfs_state;
257 c->dfs_state_entered = jiffies;
258 }
259 }
regards,
dan carpenter
