From: Eyal Shapira Date: Mon, 23 Dec 2013 14:26:41 +0000 (+0200) Subject: iwlwifi: mvm: rs: fix a potential NULL deref X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=80e9e5cd265af43cc51948125317c40f0988013b;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git iwlwifi: mvm: rs: fix a potential NULL deref Found by klocwork analysis. mvm could be NULL which may cause a NULL dereference in a theoretical call flow rs_fill_lq_cmd(mvm = NULL, ...) rs_build_rates_table rs_fill_rates_for_column ucode_rate_from_rs_rate IWL_ERR(mvm,...) No real reason for passing NULL to rs_fill_lq_cmd so fix that. Reported-by: Eytan Lifshitz Signed-off-by: Eyal Shapira Signed-off-by: Emmanuel Grumbach --- diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c index 269fa0a4a382..b7668dc3acbb 100644 --- a/drivers/net/wireless/iwlwifi/mvm/rs.c +++ b/drivers/net/wireless/iwlwifi/mvm/rs.c @@ -2121,7 +2121,7 @@ static void rs_initialize_lq(struct iwl_mvm *mvm, tbl->column = RS_COLUMN_LEGACY_ANT_B; rs_set_expected_tpt_table(lq_sta, tbl); - rs_fill_lq_cmd(NULL, NULL, lq_sta, rate); + rs_fill_lq_cmd(mvm, sta, lq_sta, rate); /* TODO restore station should remember the lq cmd */ iwl_mvm_send_lq_cmd(mvm, &lq_sta->lq, init); } @@ -2448,8 +2448,7 @@ static void rs_build_rates_table(struct iwl_mvm *mvm, memcpy(&rate, initial_rate, sizeof(rate)); - if (mvm) - valid_tx_ant = iwl_fw_valid_tx_ant(mvm->fw); + valid_tx_ant = iwl_fw_valid_tx_ant(mvm->fw); if (is_siso(&rate)) { num_rates = RS_INITIAL_SISO_NUM_RATES; @@ -2623,7 +2622,7 @@ static void rs_program_fix_rate(struct iwl_mvm *mvm, struct rs_rate rate; rs_rate_from_ucode_rate(lq_sta->dbg_fixed_rate, lq_sta->band, &rate); - rs_fill_lq_cmd(NULL, NULL, lq_sta, &rate); + rs_fill_lq_cmd(mvm, NULL, lq_sta, &rate); iwl_mvm_send_lq_cmd(lq_sta->drv, &lq_sta->lq, false); } }