2021-08-31 07:47:43

by Dan Carpenter

Subject: [bug report] iwlwifi: mvm: Explicitly stop session protection before unbinding

Hello Ilan Peer,

This is a semi-automatic email about new static checker warnings.

The patch 7b3954a1d69a: "iwlwifi: mvm: Explicitly stop session
protection before unbinding" from Jun 18, 2021, leads to the
following Smatch complaint:

drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:668 __iwl_mvm_remove_time_event()
warn: variable dereferenced before check 'te_data->vif' (see line 665)

drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
   664      u32 id;
   665      struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(te_data->vif);
                                                                   ^^^^^^^^^^^^
This is dereferenced inside the function.

   666      enum nl80211_iftype iftype;
   667
   668      if (!te_data->vif)
                 ^^^^^^^^^^^^^
The new patch adds a check for NULL, but I don't think it is required.
The kernel would have already crashed at this point at any rate so the
dereference needs to be moved.

   669          return false;
   670
   671      iftype = te_data->vif->type;
   672
   673      /*
   674       * It is possible that by the time we got to this point the time
   675       * event was already removed.


regards,
dan carpenter
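
The "dereferenced before check" ordering reported above, reduced to a stand-alone C example that is added here for illustration; it is not the iwlwifi code and not the fix from this thread. All struct and function names are hypothetical stand-ins, and the sample objects in main() are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's objects (assumption, not iwlwifi). */
struct vif_priv { int session_active; };
struct vif      { int type; struct vif_priv *priv; };
struct te_data  { struct vif *vif; int running; };

/* Helper that reads through its argument: a NULL vif faults here. */
static struct vif_priv *priv_from_vif(struct vif *vif)
{
	return vif->priv;
}

/* Flagged ordering: the initializer runs before the NULL test, so the
 * test can never be what protects the dereference. */
static bool remove_event_flagged(struct te_data *te)
{
	struct vif_priv *priv = priv_from_vif(te->vif);	/* dereference */

	if (!te->vif)					/* check, too late */
		return false;
	priv->session_active = 0;
	te->running = 0;
	return true;
}

/* Reordered: test first, derive the dependent pointer afterwards. */
static bool remove_event_checked(struct te_data *te)
{
	struct vif_priv *priv;

	if (!te->vif)
		return false;
	priv = priv_from_vif(te->vif);
	priv->session_active = 0;
	te->running = 0;
	return true;
}

int main(void)
{
	struct vif_priv p = { 1 };
	struct vif v = { 2, &p };
	struct te_data bound = { &v, 1 }, unbound = { NULL, 1 };

	/* The flagged variant is only safe to call with a non-NULL vif. */
	printf("flagged, bound:   %d\n", remove_event_flagged(&bound));
	printf("checked, unbound: %d\n", remove_event_checked(&unbound));
	return 0;
}
```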


2021-09-05 08:31:31

by Ilan Peer

Subject: RE: [bug report] iwlwifi: mvm: Explicitly stop session protection before unbinding

Hi Dan,

I'll prepare a fix for this.

Thanks,

Ilan.

> -----Original Message-----
> From: Dan Carpenter <[email protected]>
> Sent: Tuesday, August 31, 2021 10:43
> To: Peer, Ilan <[email protected]>
> Cc: [email protected]
> Subject: [bug report] iwlwifi: mvm: Explicitly stop session protection before
> unbinding
>
> Hello Ilan Peer,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 7b3954a1d69a: "iwlwifi: mvm: Explicitly stop session protection
> before unbinding" from Jun 18, 2021, leads to the following Smatch
> complaint:
>
> drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:668
> __iwl_mvm_remove_time_event()
> warn: variable dereferenced before check 'te_data->vif' (see line 665)
>
> drivers/net/wireless/intel/iwlwifi/mvm/time-event.c
> 664 u32 id;
> 665 struct iwl_mvm_vif *mvmvif =
> iwl_mvm_vif_from_mac80211(te_data->vif);
> ^^^^^^^^^^^^ This is dereferenced
> inside the function.
>
> 666 enum nl80211_iftype iftype;
> 667
> 668 if (!te_data->vif)
> ^^^^^^^^^^^^^
> The new patch adds a check for NULL, but I don't think it is required.
> The kernel would have already crashed at this point at any rate so the
> dereference needs to be moved.
>
> 669 return false;
> 670
> 671 iftype = te_data->vif->type;
> 672
> 673 /*
> 674 * It is possible that by the time we got to this point the time
> 675 * event was already removed.
>
>
> regards,
> dan carpenter