Bug 60514
| Summary: | mac80211/cfg.c: station info not initialized in ieee80211_get_et_stats | ||
|---|---|---|---|
| Product: | Networking | Reporter: | Mikko Rapeli (mikko.rapeli) |
| Component: | Wireless | Assignee: | networking_wireless (networking_wireless) |
| Status: | CLOSED CODE_FIX | ||
| Severity: | normal | CC: | johannes, linville |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 3.10 it seems | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Fixed, thanks. |
Coverity CID 1016544 shows: 579static void ieee80211_get_et_stats(struct wiphy *wiphy, 580 struct net_device *dev, 581 struct ethtool_stats *stats, 582 u64 *data) 583{ 584 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 585 struct ieee80211_chanctx_conf *chanctx_conf; 586 struct ieee80211_channel *channel; 587 struct sta_info *sta; 588 struct ieee80211_local *local = sdata->local; 1. var_decl: Declaring variable "sinfo" without initializer. 589 struct station_info sinfo; 590 struct survey_info survey; 591 int i, q; 592#define STA_STATS_SURVEY_LEN 7 593 594 memset(data, 0, sizeof(u64) * STA_STATS_LEN); 595 596#define ADD_STA_STATS(sta) \ 597 do { \ 598 data[i++] += sta->rx_packets; \ 599 data[i++] += sta->rx_bytes; \ 600 data[i++] += sta->wep_weak_iv_count; \ 601 data[i++] += sta->num_duplicates; \ 602 data[i++] += sta->rx_fragments; \ 603 data[i++] += sta->rx_dropped; \ 604 \ 605 data[i++] += sinfo.tx_packets; \ 606 data[i++] += sinfo.tx_bytes; \ 607 data[i++] += sta->tx_fragments; \ 608 data[i++] += sta->tx_filtered_count; \ 609 data[i++] += sta->tx_retry_failed; \ 610 data[i++] += sta->tx_retry_count; \ 611 data[i++] += sta->beacon_loss_count; \ 612 } while (0) 613 614 /* For Managed stations, find the single station based on BSSID 615 * and use that. For interface types, iterate through all available 616 * stations and add stats for any station that is assigned to this 617 * network device. 618 */ 619 620 mutex_lock(&local->sta_mtx); 621 2. Condition "sdata->vif.type == NL80211_IFTYPE_STATION", taking false branch 622 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 623 sta = sta_info_get_bss(sdata, sdata->u.mgd.bssid); 624 625 if (!(sta && !WARN_ON(sta->sdata->dev != dev))) 626 goto do_survey; 627 628 sinfo.filled = 0; 629 sta_set_sinfo(sta, &sinfo); 630 631 i = 0; 632 ADD_STA_STATS(sta); 633 634 data[i++] = sta->sta_state; 635 636 637 if (sinfo.filled & STATION_INFO_TX_BITRATE) 638 data[i] = 100000 * 639 cfg80211_calculate_bitrate(&sinfo.txrate); 640 i++; 641 if (sinfo.filled & STATION_INFO_RX_BITRATE) 642 data[i] = 100000 * 643 cfg80211_calculate_bitrate(&sinfo.rxrate); 644 i++; 645 646 if (sinfo.filled & STATION_INFO_SIGNAL_AVG) 647 data[i] = (u8)sinfo.signal_avg; 648 i++; 649 } else { 3. Condition "&sta->list != &local->sta_list", taking true branch 6. Condition "&sta->list != &local->sta_list", taking true branch 9. Condition "&sta->list != &local->sta_list", taking true branch 650 list_for_each_entry(sta, &local->sta_list, list) { 651 /* Make sure this station belongs to the proper dev */ 4. Condition "sta->sdata->dev != dev", taking true branch 7. Condition "sta->sdata->dev != dev", taking true branch 10. Condition "sta->sdata->dev != dev", taking false branch 652 if (sta->sdata->dev != dev) 5. Continuing loop 8. Continuing loop 653 continue; 654 655 i = 0; CID 1016544 (2) (#1-2 of 2): Uninitialized scalar variable (UNINIT) [select issue] 11. uninit_use: Using uninitialized value "sinfo.tx_packets". 656 ADD_STA_STATS(sta); /net/mac80211/cfg.c 596#define ADD_STA_STATS(sta) \ 597 do { \ 598 data[i++] += sta->rx_packets; \ 599 data[i++] += sta->rx_bytes; \ 600 data[i++] += sta->wep_weak_iv_count; \ 601 data[i++] += sta->num_duplicates; \ 602 data[i++] += sta->rx_fragments; \ 603 data[i++] += sta->rx_dropped; \ 604 \ 605 data[i++] += sinfo.tx_packets; \ 606 data[i++] += sinfo.tx_bytes; \ 607 data[i++] += sta->tx_fragments; \ 608 data[i++] += sta->tx_filtered_count; \ 609 data[i++] += sta->tx_retry_failed; \ 610 data[i++] += sta->tx_retry_count; \ 611 data[i++] += sta->beacon_loss_count; \ 612 } while (0) 657 } 658 } Fix could perhaps be just: --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -592,6 +592,7 @@ static void ieee80211_get_et_stats(struct wiphy *wiphy, #define STA_STATS_SURVEY_LEN 7 memset(data, 0, sizeof(u64) * STA_STATS_LEN); + memset(&sinfo, 0, sizeof(sinfo)); #define ADD_STA_STATS(sta) \ do { \