diff options
| author | Eyal Shapira <eyal@wizery.com> | 2013-12-23 09:26:41 -0500 |
|---|---|---|
| committer | Emmanuel Grumbach <emmanuel.grumbach@intel.com> | 2013-12-31 12:03:52 -0500 |
| commit | 80e9e5cd265af43cc51948125317c40f0988013b (patch) | |
| tree | 82a63c92721c2d769ac4cd05bb4bcc20cd4deb1f | |
| parent | 6e97b0d2984a7f80b1d6ba4f62d84d2ce8106069 (diff) | |
iwlwifi: mvm: rs: fix a potential NULL deref
Found by klocwork analysis.
mvm could be NULL which may cause a NULL dereference
in a theoretical call flow
rs_fill_lq_cmd(mvm = NULL, ...)
rs_build_rates_table
rs_fill_rates_for_column
ucode_rate_from_rs_rate
IWL_ERR(mvm,...)
No real reason for passing NULL to rs_fill_lq_cmd so fix that.
Reported-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Signed-off-by: Eyal Shapira <eyal@wizery.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
| -rw-r--r-- | drivers/net/wireless/iwlwifi/mvm/rs.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c index 269fa0a4a382..b7668dc3acbb 100644 --- a/drivers/net/wireless/iwlwifi/mvm/rs.c +++ b/drivers/net/wireless/iwlwifi/mvm/rs.c | |||
| @@ -2121,7 +2121,7 @@ static void rs_initialize_lq(struct iwl_mvm *mvm, | |||
| 2121 | tbl->column = RS_COLUMN_LEGACY_ANT_B; | 2121 | tbl->column = RS_COLUMN_LEGACY_ANT_B; |
| 2122 | 2122 | ||
| 2123 | rs_set_expected_tpt_table(lq_sta, tbl); | 2123 | rs_set_expected_tpt_table(lq_sta, tbl); |
| 2124 | rs_fill_lq_cmd(NULL, NULL, lq_sta, rate); | 2124 | rs_fill_lq_cmd(mvm, sta, lq_sta, rate); |
| 2125 | /* TODO restore station should remember the lq cmd */ | 2125 | /* TODO restore station should remember the lq cmd */ |
| 2126 | iwl_mvm_send_lq_cmd(mvm, &lq_sta->lq, init); | 2126 | iwl_mvm_send_lq_cmd(mvm, &lq_sta->lq, init); |
| 2127 | } | 2127 | } |
| @@ -2448,8 +2448,7 @@ static void rs_build_rates_table(struct iwl_mvm *mvm, | |||
| 2448 | 2448 | ||
| 2449 | memcpy(&rate, initial_rate, sizeof(rate)); | 2449 | memcpy(&rate, initial_rate, sizeof(rate)); |
| 2450 | 2450 | ||
| 2451 | if (mvm) | 2451 | valid_tx_ant = iwl_fw_valid_tx_ant(mvm->fw); |
| 2452 | valid_tx_ant = iwl_fw_valid_tx_ant(mvm->fw); | ||
| 2453 | 2452 | ||
| 2454 | if (is_siso(&rate)) { | 2453 | if (is_siso(&rate)) { |
| 2455 | num_rates = RS_INITIAL_SISO_NUM_RATES; | 2454 | num_rates = RS_INITIAL_SISO_NUM_RATES; |
| @@ -2623,7 +2622,7 @@ static void rs_program_fix_rate(struct iwl_mvm *mvm, | |||
| 2623 | struct rs_rate rate; | 2622 | struct rs_rate rate; |
| 2624 | rs_rate_from_ucode_rate(lq_sta->dbg_fixed_rate, | 2623 | rs_rate_from_ucode_rate(lq_sta->dbg_fixed_rate, |
| 2625 | lq_sta->band, &rate); | 2624 | lq_sta->band, &rate); |
| 2626 | rs_fill_lq_cmd(NULL, NULL, lq_sta, &rate); | 2625 | rs_fill_lq_cmd(mvm, NULL, lq_sta, &rate); |
| 2627 | iwl_mvm_send_lq_cmd(lq_sta->drv, &lq_sta->lq, false); | 2626 | iwl_mvm_send_lq_cmd(lq_sta->drv, &lq_sta->lq, false); |
| 2628 | } | 2627 | } |
| 2629 | } | 2628 | } |