bug report: iwlwifi: mvm: support mac80211 TXQs model

From: Colin Ian King
Date: Wed Feb 20 2019 - 09:40:14 EST


Hi,

Static analysis by CoverityScan has detected an uninitialized variable
error in drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c

Variable used_hw_queues in iwl_mvm_mac_ctxt_init() is no longer being
assigned an initial value, causing garbage to be found when calling
find_first_zero_bit() on used_hw_queues.

CoverityScan reports this as follows:

363 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
CID 1477001 (#1 of 1): Uninitialized scalar variable (UNINIT)
uninit_use_in_call: Using uninitialized value used_hw_queues when
calling find_first_zero_bit.

364 u8 queue = find_first_zero_bit(&used_hw_queues,
queue_limit);
365

This issue was caused by the following commit:

cfbc6c4c5b91c7725ef14465b98ac347d31f2334 ("iwlwifi: mvm: support
mac80211 TXQs model")

..when the used_hw_queues initialization was removed:

@@ -360,8 +300,6 @@ int iwl_mvm_mac_ctxt_init(struct iwl_mvm *mvm,
struct ieee80211_vif *vif)
mvm->hw, IEEE80211_IFACE_ITER_RESUME_ALL,
iwl_mvm_mac_iface_iterator, &data);

- used_hw_queues = iwl_mvm_get_used_hw_queues(mvm, vif);
-
/*
* In the case we're getting here during resume, it's similar to
* firmware restart, and with RESUME_ALL the iterator will find


I'm not 100% sure if the right thing to do is just to now initialize
used_hw_queues to zero; it's not entirely clear what the initial value
should be now.

Colin