Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp1898210pxp; Mon, 21 Mar 2022 07:16:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzqP8wP4aWJm4PhE+MO7/zAJmt1oGkCr/zBsWdsBniZDXVdvWr2wqd9yj4njBnoBoBQIfxk X-Received: by 2002:a63:6c01:0:b0:37c:73a0:a175 with SMTP id h1-20020a636c01000000b0037c73a0a175mr17911063pgc.415.1647872169361; Mon, 21 Mar 2022 07:16:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647872169; cv=none; d=google.com; s=arc-20160816; b=xSeR1swHjdpCbUSBlfERVsWpRpuNOks/wemFalvZFNrjPFZIhf2Q3Om7MDfQxUxspA L+EnBm0x0vs3Ee4Ed5otpk41QOX4qligF4JlI8MMVBR7gLfqmd1H13thCHEHJYvdObrO 4+pXhjPwn1LprIfC5LfHFcRuA2bejZ5BmHS7/PFuhw9HdFwdYnO20eNaK7sw8r08GZkH tzZtvD7rENGUxf5lqZ/zH+IQpTnKvftn8PYIDvZLyKh4Uvm2RSYxWV9e64IognrwflCi w4svZ1yJ803SacIC7FWnhUYyK1lTJpvNZp36PbjfnZ+eqa44n0ywsb5uGCxwAjnqruzi jNJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from :dkim-signature; bh=imxsjvClszLiVFlSXeqAvOWndWBefHJ4UoHE31UCw34=; b=WA9yg1KyB5bh7F2LzDKRNnEUpO4dIMM2C13FtFPChxmszuI0Y7ONyUHNUucNVb9bXC rdGrMF3sztaXU1d0joLNA2IkYEwdvqEEQuaxduGBFVqjQg0WMriFZrhxcc3DQMlBKdr0 Rg8ITUmWGIlNYst9/MPp31xkq4ZY7dPAeF1QrPXR2Y0lrtsXiKAfyd/sgt9pw5VowJ+x GUIi4ntxJhe1GLeyWgvIjaHJl3kvqbnDxVX9zg0nLaI+221RM4SXRYnH9TlWGBP7KIW0 hkGUXUOFqnqnQShQil/sFlINPUwQkZcRPjPK2mdK4sZZJ+KZi8gBtsFv17bKdsoyMaZ6 cuLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=f04iMKP1; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ay7-20020a056a00300700b004fa3a8dff8fsi7263825pfb.70.2022.03.21.07.15.57; Mon, 21 Mar 2022 07:16:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=f04iMKP1; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244683AbiCTD4H (ORCPT + 70 others); Sat, 19 Mar 2022 23:56:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231244AbiCTD4G (ORCPT ); Sat, 19 Mar 2022 23:56:06 -0400 Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1BF514B87D; Sat, 19 Mar 2022 20:54:44 -0700 (PDT) Received: by mail-pg1-x529.google.com with SMTP id o23so7979477pgk.13; Sat, 19 Mar 2022 20:54:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id; bh=imxsjvClszLiVFlSXeqAvOWndWBefHJ4UoHE31UCw34=; b=f04iMKP1ycIlKTDUthtjZ2ga4WOhbsgyISVcqFlss4PfutkAoYRRaiXWFZ30XMDwDc T9z4n9yIAvDgClsYyBCM86sexcCYDf2mx3QqQhjiUJDng/+VU4iV9AwNRpEMCuFhWjSd SmniDtPR93aHeWRJmIodfrIKnKMSa6qtcrmwymzmZ3psVBiHQFI8ZvHQcMX/lXHYCxT7 KIHhVmuVEE95Gzk82Jo93IZpDk1+3IPQCAuJwK/73YjhXs9L9jO6YRiHXOo3y2RmGWKU m9O93kNprA3cvRx74+jl+zkpORMBWl7A861maiUFSKdaowcDX/BcEWTooJ64TDa+E7gP 9JWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=imxsjvClszLiVFlSXeqAvOWndWBefHJ4UoHE31UCw34=; b=JsNBKxLzKR3z5XDwl6N7uK/95w/uk4cvdmlthQvm98fdz19VVSfoxaKR2kAi5bQ+Gn HgDBw6VIUMszvLWCC1fh3gTxIZKtxDQvX573eHUDmR+Y6aPdNfWGELFiSY6ErIOXSr53 yS9dAObGq9ea7wpYnjdKYArr6xgI1MX8EZ4EkBoji9tXKN1jxiwNYucqqJbl+GWsdNiH 7GADF8nFj8I+fyXkcY/whZlFo5Jy1T1TQoHPDosVtBPBN1HEvsqDDVitu05sUtpeKoc3 g/t72JvmwtuFUWUJLKs+74oiTx4uuRN2UHxvywxHsKoSa2/Te34HnBoIBWhkT7Klcbmc hi1Q== X-Gm-Message-State: AOAM532T2F/osS+KApNPIAtNYzubfX9wWqaEC0BmC3yizsazL2eY1rLf ARzdsvRJEN+WDtuL577asR0= X-Received: by 2002:a05:6a00:179f:b0:4f7:8ed9:ebae with SMTP id s31-20020a056a00179f00b004f78ed9ebaemr17453768pfg.28.1647748484170; Sat, 19 Mar 2022 20:54:44 -0700 (PDT) Received: from localhost.localdomain ([36.24.165.243]) by smtp.googlemail.com with ESMTPSA id p10-20020a056a0026ca00b004f7d9dac802sm14308492pfw.114.2022.03.19.20.54.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 19 Mar 2022 20:54:43 -0700 (PDT) From: Xiaomeng Tong To: pizza@shaftnet.org Cc: kvalo@kernel.org, davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, linville@tuxdriver.com, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, jakobkoschel@gmail.com, Xiaomeng Tong Subject: [PATCH v2] cw1200: fix incorrect check to determine if no element is found in list Date: Sun, 20 Mar 2022 11:54:36 +0800 Message-Id: <20220320035436.11293-1-xiam0nd.tong@gmail.com> X-Mailer: git-send-email 2.17.1 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org The bug is here: "} else if (item) {". The list iterator value will *always* be set and non-NULL by list_for_each_entry(), so it is incorrect to assume that the iterator value will be NULL if the list is empty or no element is found in list. Use a new value 'iter' as the list iterator, while use the old value 'item' as a dedicated pointer to point to the found element, which 1. can fix this bug, due to now 'item' is NULL only if it's not found. 2. do not need to change all the uses of 'item' after the loop. 3. can also limit the scope of the list iterator 'iter' *only inside* the traversal loop by simply declaring 'iter' inside the loop in the future, as usage of the iterator outside of the list_for_each_entry is considered harmful. https://lkml.org/lkml/2022/2/17/1032 Fixes: a910e4a94f692 ("cw1200: add driver for the ST-E CW1100 & CW1200 WLAN chipsets") Signed-off-by: Xiaomeng Tong --- changes since v1: - fix incorrect check to item (Jakob Koschel) v1: https://lore.kernel.org/all/20220319063800.28791-1-xiam0nd.tong@gmail.com/ --- drivers/net/wireless/st/cw1200/queue.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/net/wireless/st/cw1200/queue.c b/drivers/net/wireless/st/cw1200/queue.c index 12952b1c29df..d8dd4fac4ef1 100644 --- a/drivers/net/wireless/st/cw1200/queue.c +++ b/drivers/net/wireless/st/cw1200/queue.c @@ -90,23 +90,25 @@ static void __cw1200_queue_gc(struct cw1200_queue *queue, bool unlock) { struct cw1200_queue_stats *stats = queue->stats; - struct cw1200_queue_item *item = NULL, *tmp; + struct cw1200_queue_item *item = NULL, *iter, *tmp; bool wakeup_stats = false; - list_for_each_entry_safe(item, tmp, &queue->queue, head) { - if (jiffies - item->queue_timestamp < queue->ttl) + list_for_each_entry_safe(iter, tmp, &queue->queue, head) { + if (jiffies - iter->queue_timestamp < queue->ttl) { + item = iter; break; + } --queue->num_queued; - --queue->link_map_cache[item->txpriv.link_id]; + --queue->link_map_cache[iter->txpriv.link_id]; spin_lock_bh(&stats->lock); --stats->num_queued; - if (!--stats->link_map_cache[item->txpriv.link_id]) + if (!--stats->link_map_cache[iter->txpriv.link_id]) wakeup_stats = true; spin_unlock_bh(&stats->lock); cw1200_debug_tx_ttl(stats->priv); - cw1200_queue_register_post_gc(head, item); - item->skb = NULL; - list_move_tail(&item->head, &queue->free_pool); + cw1200_queue_register_post_gc(head, iter); + iter->skb = NULL; + list_move_tail(&iter->head, &queue->free_pool); } if (wakeup_stats) -- 2.17.1