Bug 195953

Summary: Possible access to unintended variable in "linux/net/mac80211/sta_info.c" line 2158
Product: Networking Reporter: Petru-Florin Mihancea (petrum)
Component: WirelessAssignee: Johannes Berg (johannes)
Status: CLOSED CODE_FIX    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 4.12-rc3 Subsystem:
Regression: No Bisected commit-id:

Description Petru-Florin Mihancea 2017-06-01 06:55:22 UTC 
While experimenting with a CodeSonar plugin we develop, we noticed a
potential issue in file "linux/net/mac80211/sta_info.c" line 2158 function sta_set_sinfo

        sinfo->rx_dropped_misc = sta->rx_stats.dropped;
	if (sta->pcpu_rx_stats) {
		for_each_possible_cpu(cpu) {
			struct ieee80211_sta_rx_stats *cpurxs;

			cpurxs = per_cpu_ptr(sta->pcpu_rx_stats, cpu);
	/*HERE*/	sinfo->rx_packets += cpurxs->dropped;
		}
        }

Wasn't the intention to use "rx_dropped_misc" (instead of "rx_packets") in the indicated line. In the first line, "rx_dropped_misc" is updated.

Thank you.
Comment 1 Johannes Berg 2017-06-01 18:22:51 UTC 
Yeah, good catch, probably copy/paste issue. Will fix.