iwlwifi: mvm: rs: fix a potential NULL deref
authorEyal Shapira <eyal@wizery.com>
Mon, 23 Dec 2013 14:26:41 +0000 (16:26 +0200)
committerEmmanuel Grumbach <emmanuel.grumbach@intel.com>
Tue, 31 Dec 2013 17:03:52 +0000 (19:03 +0200)
Found by klocwork analysis.
mvm could be NULL which may cause a NULL dereference
in a theoretical call flow

rs_fill_lq_cmd(mvm = NULL, ...)
rs_build_rates_table
rs_fill_rates_for_column
ucode_rate_from_rs_rate
IWL_ERR(mvm,...)

No real reason for passing NULL to rs_fill_lq_cmd so fix that.

Reported-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
drivers/net/wireless/iwlwifi/mvm/rs.c

index 269fa0a4a3829f8a89eec4aa4d5bc558e8a05c1b..b7668dc3acbbb278fc0dd076c75b7923e29ec151 100644 (file)
@@ -2121,7 +2121,7 @@ static void rs_initialize_lq(struct iwl_mvm *mvm,
                tbl->column = RS_COLUMN_LEGACY_ANT_B;
 
        rs_set_expected_tpt_table(lq_sta, tbl);
-       rs_fill_lq_cmd(NULL, NULL, lq_sta, rate);
+       rs_fill_lq_cmd(mvm, sta, lq_sta, rate);
        /* TODO restore station should remember the lq cmd */
        iwl_mvm_send_lq_cmd(mvm, &lq_sta->lq, init);
 }
@@ -2448,8 +2448,7 @@ static void rs_build_rates_table(struct iwl_mvm *mvm,
 
        memcpy(&rate, initial_rate, sizeof(rate));
 
-       if (mvm)
-               valid_tx_ant = iwl_fw_valid_tx_ant(mvm->fw);
+       valid_tx_ant = iwl_fw_valid_tx_ant(mvm->fw);
 
        if (is_siso(&rate)) {
                num_rates = RS_INITIAL_SISO_NUM_RATES;
@@ -2623,7 +2622,7 @@ static void rs_program_fix_rate(struct iwl_mvm *mvm,
                struct rs_rate rate;
                rs_rate_from_ucode_rate(lq_sta->dbg_fixed_rate,
                                        lq_sta->band, &rate);
-               rs_fill_lq_cmd(NULL, NULL, lq_sta, &rate);
+               rs_fill_lq_cmd(mvm, NULL, lq_sta, &rate);
                iwl_mvm_send_lq_cmd(lq_sta->drv, &lq_sta->lq, false);
        }
 }