Re: [kvalo-ath:pending 52/56] drivers/net/wireless/ath/ath11k/wmi.c:5651 ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol 'len'.

From: Kalle Valo
Date: Tue Jan 11 2022 - 08:35:36 EST


(moving from ath10k list to ath11k list)

Dan Carpenter <dan.carpenter@xxxxxxxxxx> writes:

> tree: https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git pending
> head: 34cbb4043dca455fca888e1ced323e588912b6a2
> commit: bc5c448b70ff141f8a2b5cbbab79fba08d7a1be0 [52/56] ath11k:
> report rssi of each chain to mac80211 for QCA6390/WCN6855
> config: riscv-randconfig-m031-20211210
> (https://download.01.org/0day-ci/archive/20211211/202112110427.o6xDAKfE-lkp@xxxxxxxxx/config)
> compiler: riscv64-linux-gcc (GCC) 11.2.0

This was a test commit in the pending branch, I applied the actual
commit as:

b488c766442f ath11k: report rssi of each chain to mac80211 for QCA6390/WCN6855

> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> New smatch warnings:
> drivers/net/wireless/ath/ath11k/wmi.c:5651
> ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol
> 'len'.
>
> Old smatch warnings:
> arch/riscv/include/asm/atomic.h:317 arch_atomic_sub_if_positive()
> warn: inconsistent indenting
> drivers/net/wireless/ath/ath11k/wmi.c:5674
> ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol
> 'len'.
> drivers/net/wireless/ath/ath11k/wmi.c:5695
> ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol
> 'len'.
>
> vim +/len +5651 drivers/net/wireless/ath/ath11k/wmi.c
>
> bc5c448b70ff14 Wen Gong 2021-12-08 5629 static int
> ath11k_wmi_tlv_fw_stats_data_parse(struct ath11k_base *ab,
> bc5c448b70ff14 Wen Gong 2021-12-08 5630 struct wmi_tlv_fw_stats_parse
> *parse,
> bc5c448b70ff14 Wen Gong 2021-12-08 5631 const void *ptr)
> bc5c448b70ff14 Wen Gong 2021-12-08 5632 {
> bc5c448b70ff14 Wen Gong 2021-12-08 5633 struct ath11k_fw_stats *stats
> = parse->stats;
> bc5c448b70ff14 Wen Gong 2021-12-08 5634 const struct wmi_stats_event
> *ev = parse->ev;
> bc5c448b70ff14 Wen Gong 2021-12-08 5635 int i;
> bc5c448b70ff14 Wen Gong 2021-12-08 5636 const void *data = ptr;
> bc5c448b70ff14 Wen Gong 2021-12-08 5637 u32 len;
> bc5c448b70ff14 Wen Gong 2021-12-08 5638
> bc5c448b70ff14 Wen Gong 2021-12-08 5639 if (!ev) {
> bc5c448b70ff14 Wen Gong 2021-12-08 5640 ath11k_warn(ab, "failed to
> fetch update stats ev");
> bc5c448b70ff14 Wen Gong 2021-12-08 5641 return -EPROTO;
> bc5c448b70ff14 Wen Gong 2021-12-08 5642 }
> d5c65159f28953 Kalle Valo 2019-11-23 5643
> d5c65159f28953 Kalle Valo 2019-11-23 5644 stats->stats_id = 0;
> d5c65159f28953 Kalle Valo 2019-11-23 5645
> d5c65159f28953 Kalle Valo 2019-11-23 5646 for (i = 0; i <
> ev->num_pdev_stats; i++) {
> d5c65159f28953 Kalle Valo 2019-11-23 5647 const struct wmi_pdev_stats
> *src;
> d5c65159f28953 Kalle Valo 2019-11-23 5648 struct ath11k_fw_stats_pdev
> *dst;
> d5c65159f28953 Kalle Valo 2019-11-23 5649
> d5c65159f28953 Kalle Valo 2019-11-23 5650 src = data;
> bc5c448b70ff14 Wen Gong 2021-12-08 @5651 if (len < sizeof(*src))
>
> "len" is never initialized.

I only quickly looked at this, but AFAICS ath11k_wmi_tlv_iter() provides
len to ath11k_wmi_tlv_fw_stats_parse() which again provides len to
ath11k_wmi_tlv_fw_stats_data_parse(). I'm not seeing how this is
uninitialised, did I miss something?

--
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
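
A per-record check of the form `if (len < sizeof(*src))`, as flagged at line 5651, is only meaningful when `len` carries the enclosing TLV's length into the function. The following is an added user-space example, not ath11k code and not part of this thread, showing a TLV walker handing that length to a record parser as a parameter; `struct pdev_rec`, `stats_data_parse`, `tlv_iter`, the 2-byte tag/length framing and the sample bytes are all constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical 8-byte record standing in for struct wmi_pdev_stats. */
struct pdev_rec { uint32_t chan_nf; uint32_t tx_frames; };

/* The remaining payload length is a parameter supplied by the caller, so
 * the per-record check never reads an unassigned local. */
static int stats_data_parse(const void *ptr, uint32_t len, uint32_t num_recs,
                            struct pdev_rec *out, uint32_t out_cap)
{
	const uint8_t *data = ptr;
	uint32_t i;

	for (i = 0; i < num_recs; i++) {
		if (len < sizeof(*out))
			return -EPROTO; /* count claims more than the payload holds */
		if (i >= out_cap)
			return -ENOSPC;
		memcpy(&out[i], data, sizeof(*out));
		data += sizeof(*out);
		len -= sizeof(*out);
	}
	return (int)i;
}

/* Constructed framing: 2-byte tag, 2-byte length, little-endian; tag 1 = stats. */
static int tlv_iter(const uint8_t *buf, uint32_t buf_len, uint32_t num_recs,
                    struct pdev_rec *out, uint32_t out_cap)
{
	while (buf_len >= 4) {
		uint32_t tag = buf[0] | (uint32_t)buf[1] << 8;
		uint32_t len = buf[2] | (uint32_t)buf[3] << 8;

		buf += 4;
		buf_len -= 4;
		if (len > buf_len)
			return -EINVAL; /* TLV length overruns the buffer */
		if (tag == 1)
			return stats_data_parse(buf, len, num_recs, out, out_cap);
		buf += len;
		buf_len -= len;
	}
	return -ENOENT;
}

/* Constructed sample: one stats TLV (length 16) carrying two records. */
static const uint8_t sample[] = { 1, 0, 16, 0, 5, 5, 5, 5, 7, 7, 7, 7,
                                  9, 9, 9, 9, 3, 3, 3, 3 };
```

With the sample buffer, a record count of 2 parses cleanly, while a count of 3 is rejected with `-EPROTO` because the length is decremented per record and runs out before the third.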