2011-05-16 09:20:35

by Julia Lawall

Subject: [PATCH] drivers/staging/ath6kl/os/linux/cfg80211.c: Add missing call to cfg80211_put_bss

From: Julia Lawall <[email protected]>

A call to cfg80211_get_bss should be accompanied by a call to
cfg80211_put_bss in error-handling code.

A simplified version of the semantic match that finds this problem is:
(http://coccinelle.lip6.fr/)

// <smpl>
@r exists@
local idexpression struct cfg80211_bss * x;
expression ra,rr;
position p1,p2;
@@

x = cfg80211_get_bss@p1(...)
... when != x = rr
    when != cfg80211_put_bss(x,...)
    when != if (...) { ... cfg80211_put_bss(x,...) ...}
if(...) { ... when != x = ra
    when forall
    when != cfg80211_put_bss(x,...)
   \(return <+...x...+>; \| return@p2...; \) }

@script:python@
p1 << r.p1;
p2 << r.p2;
@@

cocci.print_main("cfg80211_get_bss",p1)
cocci.print_secs("return",p2)

// </smpl>

Signed-off-by: Julia Lawall <[email protected]>

---
I don't really understand the use of the bss variable later. Afterwards,
along the normal execution path, there is also a call to cfg80211_put_bss,
but at this point bss has been redefined, and I don't have the impression
that it still points to the same value.

drivers/staging/ath6kl/os/linux/cfg80211.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/staging/ath6kl/os/linux/cfg80211.c b/drivers/staging/ath6kl/os/linux/cfg80211.c
index efd4ae5..1e6a343 100644
--- a/drivers/staging/ath6kl/os/linux/cfg80211.c
+++ b/drivers/staging/ath6kl/os/linux/cfg80211.c
@@ -545,6 +545,7 @@ ar6k_cfg80211_connect_event(struct ar6_softc *ar, u16 channel,
if(!ieeemgmtbuf) {
AR_DEBUG_PRINTF(ATH_DEBUG_ERR,
("%s: ieeeMgmtbuf alloc error\n", __func__));
+ cfg80211_put_bss(bss);
return;
}
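Review bot: the context lines do not show whether bss is guaranteed non-NULL at this return (the lookup the commit message describes can leave the entry absent), so either confirm that cfg80211_put_bss() tolerates a NULL argument or guard the call with `if (bss)`. Since the cover note also says bss is reassigned later and the looked-up value is never used, the cleaner fix is to drop the cfg80211_get_bss() call and its comment altogether, which removes the reference and the leak in one step instead of adding a put on each early return.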

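The bug class the patch and the semantic match address is a reference taken by a "get" call that is never released on an early-return error path. The following is an added example, not code from the ath6kl driver or from cfg80211: it models the get/put discipline with a hypothetical mock_bss type and mock_get_bss/mock_put_bss helpers standing in for cfg80211_bss, cfg80211_get_bss and cfg80211_put_bss, and runs a connect-event-like handler through a forced allocation failure both with and without the fix so the leaked reference count can be measured.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct cfg80211_bss (added example, not driver code). */
struct mock_bss {
    int refcnt;             /* number of outstanding references */
};

/* Stand-in for cfg80211_get_bss: look up an entry and take a reference on it.
 * 'present' simulates whether the entry exists in the scan list. */
static struct mock_bss *mock_get_bss(struct mock_bss *entry, int present)
{
    if (!present)
        return NULL;
    entry->refcnt++;
    return entry;
}

/* Stand-in for cfg80211_put_bss: drop one reference; NULL is accepted. */
static void mock_put_bss(struct mock_bss *bss)
{
    if (bss)
        bss->refcnt--;
}

/* Simulates the connect-event handler.  fail_alloc forces the management
 * buffer allocation to fail so the error path runs; fixed selects the
 * patched behaviour (release the reference before the early return).
 * Returns 1 on success, 0 when the allocation failed. */
static int connect_event(struct mock_bss *entry, int fail_alloc, int fixed)
{
    struct mock_bss *bss = mock_get_bss(entry, 1);
    unsigned char *mgmtbuf = fail_alloc ? NULL : malloc(64);

    if (!mgmtbuf) {
        /* Error path: the unpatched code returned here without a put. */
        if (fixed)
            mock_put_bss(bss);
        return 0;
    }
    memset(mgmtbuf, 0, 64);
    free(mgmtbuf);
    mock_put_bss(bss);      /* normal path always balances the reference */
    return 1;
}

/* Run the handler once with a fresh entry and report how many references
 * remain outstanding afterwards; 0 means get/put were balanced. */
int leaked_refs(int fail_alloc, int fixed)
{
    struct mock_bss entry = { .refcnt = 0 };

    connect_event(&entry, fail_alloc, fixed);
    return entry.refcnt;
}
```

leaked_refs(1, 0) reproduces the defect the Coccinelle rule reports (one reference left behind on the failure path), while leaked_refs(1, 1) and leaked_refs(0, 0) return 0, showing the fix balances the error path without changing the normal one.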

2011-05-16 17:11:13

by Kalle Valo

Subject: Re: [PATCH] drivers/staging/ath6kl/os/linux/cfg80211.c: Add missing call to cfg80211_put_bss

Hi Julia,

Julia Lawall <[email protected]> writes:

> From: Julia Lawall <[email protected]>
>
> A call to cfg80211_get_bss should be accompanied by a call to
> cfg80211_put_bss in error-handling code.

[...]

> ---
> I don't really understand the use of the bss variable later. Afterwards,
> along the normal execution path, there is also a call to cfg80211_put_bss,
> but at this point bss has been redefined, and I don't have the impression
> that it still points to the same value.

The original code looks buggy to me:

	/* Before informing the join/connect event, make sure that
	 * bss entry is present in scan list, if it not present
	 * construct and insert into scan list, otherwise that
	 * event will be dropped on the way by cfg80211, due to
	 * this keys will not be plumbed in case of WEP and
	 * application will not be aware of join/connect status. */
	bss = cfg80211_get_bss(ar->wdev->wiphy, NULL, bssid,
			       ar->wdev->ssid, ar->wdev->ssid_len,
			       ((ADHOC_NETWORK & networkType) ?
				WLAN_CAPABILITY_IBSS : WLAN_CAPABILITY_ESS),
			       ((ADHOC_NETWORK & networkType) ?
				WLAN_CAPABILITY_IBSS : WLAN_CAPABILITY_ESS));

But, as you point out, the bss is not used for anything. I think the
call and the comment should be just removed.

--
Kalle Valo