cld-3.0: Remove warnings issued by static analysis

Some of these are very remote scenarios (like HIF not being
initialized at the time of the calls, which could then
dereference a NULL pointer). There are a few cases of looping
beyond boundaries.

The scope of this update is limited to NAPI related code.

Change-Id: I60229406d5ab514d5465ef2569324d3d4eb430d4
CRs-Fixed: 938253

core/dp/txrx/ol_tx.c

@@ -133,6 +133,11 @@ cdf_nbuf_t ol_tx_send_data_frame(uint8_t sta_id, cdf_nbuf_t skb,
 			"%s:pdev is null", __func__);
 		return skb;
 	}
+	if (cdf_unlikely(!cdf_ctx)) {
+		TXRX_PRINT(TXRX_PRINT_LEVEL_ERR,
+			"%s:cdf_ctx is null", __func__);
+		return skb;
+	}
 
 	if (sta_id >= WLAN_MAX_STA_COUNT) {
 		CDF_TRACE(CDF_MODULE_ID_TXRX, CDF_TRACE_LEVEL_WARN,

core/hdd/src/wlan_hdd_driver_ops.c

@@ -113,7 +113,8 @@ static int wlan_hdd_probe(struct device *dev, void *bdev, const hif_bus_id *bid,
 		if (status <= 0) {
 			hdd_err("NAPI creation error, rc: 0x%x, reinit = %d",
 			status, reinit);
-			return -EFAULT;
+			ret = -EFAULT;
+			goto end;
 		}
 	}
 

core/hdd/src/wlan_hdd_ioctl.c

@@ -5361,9 +5361,10 @@ static int drv_cmd_get_rssi(hdd_adapter_t *adapter,
 			    uint8_t command_len,
 			    hdd_priv_data_t *priv_data)
 {
-	int ret;
+	int ret = 0;
 	int8_t rssi = 0;
 	char extra[32];
+
 	uint8_t len = 0;
 
 	wlan_hdd_get_rssi(adapter, &rssi);
@@ -5484,13 +5485,15 @@ int hdd_napi_stats(char   *buf,
 
 	NAPI_DEBUG("-->\n");
 
+	if (NULL == napid)
+		return n;
 	if (NULL == indp) {
 		from = 0;
-		to = sizeof(uint32_t) * CE_COUNT_MAX;
+		to = CE_COUNT_MAX;
 	} else {
 		if (0 > kstrtoint(indp, 10, &to)) {
 			from = 0;
-			to = sizeof(uint32_t) * CE_COUNT_MAX;
+			to = CE_COUNT_MAX;
 		} else
 			from = to;
 	}
@@ -5534,9 +5537,10 @@ static void napi_set_scale(uint8_t sc)
 	struct qca_napi_data *napi_data;
 
 	napi_data = hdd_napi_get_all();
-	for (i = 0; i < sizeof(uint32_t)*8; i++)
-		if (napi_data->ce_map & (0x01 << i))
-			napi_data->napis[i].scale = sc;
+	if (likely(NULL != napi_data))
+	    for (i = 0; i < CE_COUNT_MAX; i++)
+		    if (napi_data->ce_map & (0x01 << i))
+			    napi_data->napis[i].scale = sc;
 
 	return;
 }
@@ -5557,7 +5561,7 @@ static void napi_set_scale(uint8_t sc)
  * NAPI STATS [<n>] : get the stats for a given NAPI instance
  * NAPI SCALE <n>   : set the scale factor
  *
- * Return: 0: success; 0>: failure
+ * Return: 0: success; !0: failure
  */
 static int drv_cmd_napi(hdd_adapter_t *adapter,
 			hdd_context_t *hdd_ctx,
@@ -5632,12 +5636,14 @@ static int drv_cmd_napi(hdd_adapter_t *adapter,
 			struct qca_napi_data *napi_data;
 
 			napi_data = hdd_napi_get_all();
+			if (unlikely(NULL == napi_data))
+				goto status_end;
 			n += scnprintf(reply+n, MAX_USER_COMMAND_SIZE - n,
 				       "NAPI state: 0x%08x map: 0x%08x\n",
 				       napi_data->state,
 				       napi_data->ce_map);
 
-			for (i = 0; i < sizeof(uint32_t)*8; i++)
+			for (i = 0; i < CE_COUNT_MAX; i++)
 				if (napi_data->ce_map & (0x01 << i)) {
 					n += scnprintf(
 						reply + n,
@@ -5647,6 +5653,7 @@ static int drv_cmd_napi(hdd_adapter_t *adapter,
 						napi_data->napis[i].id,
 						napi_data->napis[i].scale);
 				}
+		status_end:
 			hdd_info("wlan: STATUS DATA:\n%s", reply);
 			if (copy_to_user(priv_data->buf, reply,
 					 CDF_MIN(n, priv_data->total_len)))
@@ -5656,10 +5663,11 @@ static int drv_cmd_napi(hdd_adapter_t *adapter,
 			struct qca_napi_data *napi_data;
 
 			napi_data = hdd_napi_get_all();
-			n = hdd_napi_stats(reply, MAX_USER_COMMAND_SIZE,
-					   aux, napi_data);
-			NAPI_DEBUG("STATS: returns %d\n", n);
-
+			if (NULL != napi_data) {
+				n = hdd_napi_stats(reply, MAX_USER_COMMAND_SIZE,
+						   aux, napi_data);
+				NAPI_DEBUG("STATS: returns %d\n", n);
+			}
 			if (n > 0) {
 				if (copy_to_user(priv_data->buf, reply,
 						 CDF_MIN(priv_data->total_len,

core/hdd/src/wlan_hdd_napi.c

@@ -53,14 +53,16 @@ static struct qca_napi_data *hdd_napi_ctx;
  */
 struct qca_napi_data *hdd_napi_get_all(void)
 {
-	struct qca_napi_data *rp;
+	struct qca_napi_data *rp = NULL;
 	struct ol_softc *hif;
 
 	NAPI_DEBUG("-->\n");
 
 	hif = cds_get_context(CDF_MODULE_ID_HIF);
-	CDF_ASSERT(hif != NULL);
-	rp = hif_napi_get_all(hif);
+	if (unlikely(NULL == hif))
+		CDF_ASSERT(NULL != hif); /* WARN */
+	else
+		rp = hif_napi_get_all(hif);
 
 	NAPI_DEBUG("<-- [addr=%p]\n", rp);
 	return rp;
@@ -74,13 +76,14 @@ struct qca_napi_data *hdd_napi_get_all(void)
  */
 static uint32_t hdd_napi_get_map(void)
 {
-	uint32_t map;
+	uint32_t map = 0;
 
 	NAPI_DEBUG("-->\n");
 	/* cache once, use forever */
 	if (hdd_napi_ctx == NULL)
 		hdd_napi_ctx = hdd_napi_get_all();
-	map = hdd_napi_ctx->ce_map;
+	if (hdd_napi_ctx != NULL)
+		map = hdd_napi_ctx->ce_map;
 
 	NAPI_DEBUG("<--[map=0x%08x]\n", map);
 	return map;
@@ -105,35 +108,36 @@ int hdd_napi_create(void)
 	int     ul_polled, dl_polled;
 	int     rc = 0;
 
-	hif_ctx = cds_get_context(CDF_MODULE_ID_HIF);
-	CDF_ASSERT(hif_ctx != NULL);
-
 	NAPI_DEBUG("-->\n");
 
-	/*
-	 * hif_service_to_pipe currently returns one pipe id per service.
-	 * However for Adrestea, we will need to figure out how to map
-	 * DATA service to multiple pipes. Either we will need to create
-	 * family of services, or this function may return a bitmap (of
-	 * at least #MAX_CEs bits) and then we will need to iterate on
-	 * the bitmap for hif_napi_create() calls.
-	 * For Rome, there is only one service, so there is a single call
-	 *  TODO: clarify for multi-queue/Adrestea
-	 */
-	if (CDF_STATUS_SUCCESS !=
-	    hif_map_service_to_pipe(hif_ctx, HTT_DATA_MSG_SVC,
-				    &ul, &dl, &ul_polled, &dl_polled)) {
-		hdd_err("cannot map service to pipe");
-		rc = -EINVAL;
+	hif_ctx = cds_get_context(CDF_MODULE_ID_HIF);
+	if (unlikely(NULL == hif_ctx)) {
+		CDF_ASSERT(NULL != hif_ctx);
+		rc = -EFAULT;
 	} else {
-		rc = hif_napi_create(hif_ctx, dl, hdd_napi_poll,
-				     QCA_NAPI_BUDGET, QCA_NAPI_DEF_SCALE);
-		if (rc < 0)
-			hdd_err("ERR(%d) creating NAPI on pipe %d", rc, dl);
-		else {
-			hdd_info("napi instance %d created on pipe %d",
-				 rc, dl);
-			/* rc = (0x01 << rc); -- phase 2 */
+		/*
+		 * Note: hif_service_to_pipe returns one pipe id per service.
+		 * For multi-queue NAPI for Adrastea, we will use multiple
+		 * services/calls.
+		 * For Rome, there is only one service, hence a single call
+		 */
+		if (CDF_STATUS_SUCCESS !=
+		    hif_map_service_to_pipe(hif_ctx, HTT_DATA_MSG_SVC,
+					    &ul, &dl, &ul_polled, &dl_polled)) {
+			hdd_err("cannot map service to pipe");
+			rc = -EINVAL;
+		} else {
+			rc = hif_napi_create(hif_ctx, dl, hdd_napi_poll,
+					     QCA_NAPI_BUDGET,
+					     QCA_NAPI_DEF_SCALE);
+			if (rc < 0)
+				hdd_err("ERR(%d) creating NAPI on pipe %d",
+					rc, dl);
+			else {
+				hdd_info("napi instance %d created on pipe %d",
+					 rc, dl);
+				/* rc = (0x01 << rc); -- phase 2 */
+			}
 		}
 	}
 	NAPI_DEBUG("<-- [rc=%d]\n", rc);
@@ -163,19 +167,21 @@ int hdd_napi_destroy(int force)
 		struct ol_softc *hif_ctx;
 
 		hif_ctx = cds_get_context(CDF_MODULE_ID_HIF);
-		CDF_ASSERT(hif_ctx != NULL);
-
-		for (i = 0; i < (sizeof(uint32_t)*8); i++)
-			if (hdd_napi_map & (0x01 << i)) {
-				if (0 <= hif_napi_destroy(hif_ctx,
-							  NAPI_PIPE2ID(i),
-							  force)) {
-					rc++;
-					hdd_napi_map &= ~(0x01 << i);
-				} else
-					hdd_err("cannot destroy napi inst %d: (pipe:%d), f=%d\n",
-						i, NAPI_PIPE2ID(i), force);
-			}
+		if (unlikely(NULL == hif_ctx))
+			CDF_ASSERT(NULL != hif_ctx);
+		else
+			for (i = 0; i < CE_COUNT_MAX; i++)
+				if (hdd_napi_map & (0x01 << i)) {
+					if (0 <= hif_napi_destroy(
+						    hif_ctx,
+						    NAPI_PIPE2ID(i), force)) {
+						rc++;
+						hdd_napi_map &= ~(0x01 << i);
+					} else
+						hdd_err("cannot destroy napi %d: (pipe:%d), f=%d\n",
+							i,
+							NAPI_PIPE2ID(i), force);
+				}
 	}
 
 	/* if all instances are removed, it is likely that hif_context has been
@@ -199,16 +205,19 @@ int hdd_napi_destroy(int force)
  *   int: 0  = false (NOT enabled)
  *        !0 = true  (enabbled)
  */
-inline int hdd_napi_enabled(int id)
+int hdd_napi_enabled(int id)
 {
 	struct ol_softc *hif;
+	int rc = 0; /* NOT enabled */
 
 	hif = cds_get_context(CDF_MODULE_ID_HIF);
-	CDF_ASSERT(hif != NULL);
-	if (-1 == id)
-		return hif_napi_enabled(hif, id);
+	if (unlikely(NULL == hif))
+		CDF_ASSERT(hif != NULL); /* WARN_ON; rc = 0 */
+	else if (-1 == id)
+		rc = hif_napi_enabled(hif, id);
 	else
-		return hif_napi_enabled(hif, NAPI_ID2PIPE(id));
+		rc = hif_napi_enabled(hif, NAPI_ID2PIPE(id));
+	return rc;
 }
 
 /**
@@ -229,14 +238,16 @@ inline int hdd_napi_enabled(int id)
  */
 int hdd_napi_event(enum qca_napi_event event, void *data)
 {
-	int rc;
+	int rc = -EFAULT;  /* assume err */
 	struct ol_softc *hif;
 
 	NAPI_DEBUG("-->(event=%d, aux=%p)\n", event, data);
 
 	hif = cds_get_context(CDF_MODULE_ID_HIF);
-	CDF_ASSERT(hif != NULL);
-	rc = hif_napi_event(hif, event, data);
+	if (unlikely(NULL == hif))
+		CDF_ASSERT(hif != NULL);
+	else
+		rc = hif_napi_event(hif, event, data);
 
 	NAPI_DEBUG("<--[rc=%d]\n", rc);
 	return rc;

core/hif/src/ce/ce_tasklet.c

@@ -170,7 +170,7 @@ void init_tasklet_workers(void)
  */
 static inline void ce_schedule_tasklet(struct ce_tasklet_entry *tasklet_entry)
 {
-	if (work_initialized && (tasklet_entry->ce_id <= CE_ID_MAX))
+	if (work_initialized && (tasklet_entry->ce_id < CE_ID_MAX))
 		schedule_work(&tasklet_workers[tasklet_entry->ce_id].work);
 	else
 		HIF_ERROR("%s: work_initialized = %d, ce_id = %d",
@@ -285,16 +285,19 @@ static irqreturn_t ce_irq_handler(int irq, void *context)
 	struct ce_tasklet_entry *tasklet_entry = context;
 	struct HIF_CE_state *hif_ce_state = tasklet_entry->hif_ce_state;
 	struct ol_softc *scn = hif_ce_state->scn;
-	int ce_id = icnss_get_ce_id(irq);
 	uint32_t host_status;
-
+	int ce_id = icnss_get_ce_id(irq);
 
 	if (tasklet_entry->ce_id != ce_id) {
 		HIF_ERROR("%s: ce_id (expect %d, received %d) does not match",
 			  __func__, tasklet_entry->ce_id, ce_id);
 		return IRQ_NONE;
 	}
-
+	if (unlikely(ce_id >= CE_COUNT_MAX)) {
+		HIF_ERROR("%s: ce_id=%d > CE_COUNT_MAX=%d",
+			  __func__, tasklet_entry->ce_id, CE_COUNT_MAX);
+		return IRQ_NONE;
+	}
 #ifndef HIF_PCI
 	disable_irq_nosync(irq);
 #endif

core/hif/src/hif_napi.c

@@ -113,7 +113,8 @@ int hif_napi_create(struct ol_softc   *hif,
 		   napid->netdev.napi_list.prev, napid->netdev.napi_list.next);
 
 	/* It is OK to change the state variable below without protection
-	   as there should be no-one around yet */
+	 * as there should be no-one around yet
+	 */
 	napid->ce_map |= (0x01 << pipe_id);
 	HIF_INFO("%s: NAPI id %d created for pipe %d\n", __func__,
 		 napii->id, pipe_id);
@@ -162,6 +163,7 @@ int hif_napi_destroy(struct ol_softc *hif,
 	} else {
 		struct qca_napi_data *napid;
 		struct qca_napi_info *napii;
+
 		napid = &(hif->napi_data);
 		napii = &(napid->napis[ce]);
 
@@ -193,8 +195,9 @@ int hif_napi_destroy(struct ol_softc *hif,
 			HIF_INFO("%s: NAPI %d destroyed\n", __func__, id);
 
 			/* if there are no active instances and
-			   if they are all destroyed,
-			   set the whole structure to uninitialized state */
+			 * if they are all destroyed,
+			 * set the whole structure to uninitialized state
+			 */
 			if (napid->ce_map == 0) {
 				/* hif->napi_data.state = 0; */
 				memset(napid,
@@ -258,6 +261,7 @@ int hif_napi_event(struct ol_softc *hif, enum qca_napi_event event, void *data)
 	case NAPI_EVT_INI_FILE:
 	case NAPI_EVT_CMD_STATE: {
 		int on = (data != ((void *)0));
+
 		HIF_INFO("%s: received evnt: CONF %s; v = %d (state=0x%0x)\n",
 			 __func__,
 			 (event == NAPI_EVT_INI_FILE)?".ini file":"cmd",
@@ -328,9 +332,10 @@ int hif_napi_event(struct ol_softc *hif, enum qca_napi_event event, void *data)
  *
  * Return: bool
  */
-inline int hif_napi_enabled(struct ol_softc *hif, int ce)
+int hif_napi_enabled(struct ol_softc *hif, int ce)
 {
 	int rc;
+
 	if (-1 == ce)
 		rc = ((hif->napi_data.state == ENABLE_NAPI_MASK));
 	else
@@ -350,7 +355,6 @@ inline int hif_napi_enabled(struct ol_softc *hif, int ce)
 inline void hif_napi_enable_irq(struct ol_softc *hif, int id)
 {
 	ce_irq_enable(hif, NAPI_ID2PIPE(id));
-	return;
 }
 
 
@@ -396,7 +400,8 @@ int hif_napi_schedule(struct ol_softc *scn, int ce_id)
  */
 int hif_napi_poll(struct napi_struct *napi, int budget)
 {
-	int rc, normalized, bucket;
+	int    rc = 0; /* default: no work done, also takes care of error */
+	int    normalized, bucket;
 	int    cpu = smp_processor_id();
 	struct ol_softc      *hif;
 	struct qca_napi_info *napi_info;
@@ -409,27 +414,32 @@ int hif_napi_poll(struct napi_struct *napi, int budget)
 	napi_info->stats[cpu].napi_polls++;
 
 	hif = (struct ol_softc *)cds_get_context(CDF_MODULE_ID_HIF);
-	CDF_ASSERT(hif != NULL);
-	rc = ce_per_engine_service(hif, NAPI_ID2PIPE(napi_info->id));
-	HIF_INFO_HI("%s: ce_per_engine_service reports %d msgs processed",
-		__func__, rc);
+	if (unlikely(NULL == hif))
+		CDF_ASSERT(hif != NULL); /* emit a warning if hif NULL */
+	else {
+		rc = ce_per_engine_service(hif, NAPI_ID2PIPE(napi_info->id));
+		HIF_INFO_HI("%s: ce_per_engine_service processed %d msgs",
+			    __func__, rc);
+	}
 	napi_info->stats[cpu].napi_workdone += rc;
 	normalized = (rc / napi_info->scale);
 
-	ce_state = hif->ce_id_to_state[NAPI_ID2PIPE(napi_info->id)];
-	if (ce_state->lro_flush_cb != NULL) {
-		ce_state->lro_flush_cb(ce_state->lro_data);
+	if (NULL != hif) {
+		ce_state = hif->ce_id_to_state[NAPI_ID2PIPE(napi_info->id)];
+		if (ce_state->lro_flush_cb != NULL) {
+			ce_state->lro_flush_cb(ce_state->lro_data);
+		}
 	}
 
 	/* do not return 0, if there was some work done,
-	   even if it is below the scale   */
+	 * even if it is below the scale
+	 */
 	if (rc)
 		normalized++;
 	bucket   = (normalized / QCA_NAPI_DEF_SCALE);
 	napi_info->stats[cpu].napi_budget_uses[bucket]++;
 
-	/* if ce_per engine reports 0, then we should make sure
-	   poll is terminated */
+	/* if ce_per engine reports 0, then poll should be terminated */
 	if (0 == rc)
 		NAPI_DEBUG("%s:%d: nothing processed by CE. Completing NAPI\n",
 			   __func__, __LINE__);
@@ -438,10 +448,12 @@ int hif_napi_poll(struct napi_struct *napi, int budget)
 		napi_info->stats[cpu].napi_completes++;
 		/* enable interrupts */
 		napi_complete(napi);
-		hif_napi_enable_irq(hif, napi_info->id);
+		if (NULL != hif) {
+			hif_napi_enable_irq(hif, napi_info->id);
 
-		/* support suspend/resume */
-		cdf_atomic_dec(&(hif->active_tasklet_cnt));
+			/* support suspend/resume */
+			cdf_atomic_dec(&(hif->active_tasklet_cnt));
+		}
 
 		NAPI_DEBUG("%s:%d: napi_complete + enabling the interrupts\n",
 			   __func__, __LINE__);

core/hif/src/icnss_stub/icnss_stub.c

@@ -323,7 +323,7 @@ int icnss_get_soc_info(struct icnss_soc_info *info)
 */
 static int icnss_get_irq_num(int ce_id)
 {
-	if (ce_id <= ICNSS_MAX_IRQ_REGISTRATIONS && ce_id >= 0)
+	if (ce_id < CE_COUNT_MAX && ce_id >= 0)
 		return ce_id + 100;
 
 	pr_err("icnss: No irq registered for CE id %d\n", ce_id);
@@ -333,7 +333,7 @@ static int icnss_get_irq_num(int ce_id)
 int icnss_get_ce_id(int irq)
 {
 	int ce_id = irq - 100;
-	if (ce_id <= ICNSS_MAX_IRQ_REGISTRATIONS && ce_id >= 0)
+	if (ce_id < CE_COUNT_MAX && ce_id >= 0)
 		return ce_id;
 
 	pr_err("icnss: No matching CE id for irq %d\n", irq);