wl18xx: make sure fw_status->priv exists before deref

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In some corner cases with specific timings, we might
try dequeueing tx before we got information about
the link status (e.g. due to recovery during tx).

Instead of NULL dereference, assume all
the links in this case have low priorities.

Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

authored by

Eliad Peller and committed by

John W. Linville 11 years ago 9bccb8ae 16310202

+12 -2

1 changed file

expand all

drivers

net

wireless

wl18xx

main.c

+12 -2

drivers/net/wireless/ti/wl18xx/main.c

··· 1609 1609 u8 thold; 1610 1610 struct wl18xx_fw_status_priv *status_priv = 1611 1611 (struct wl18xx_fw_status_priv *)wl->fw_status->priv; 1612 - u32 suspend_bitmap = le32_to_cpu(status_priv->link_suspend_bitmap); 1612 + u32 suspend_bitmap; 1613 + 1614 + /* if we don't have the link map yet, assume they all low prio */ 1615 + if (!status_priv) 1616 + return false; 1613 1617 1614 1618 /* suspended links are never high priority */ 1619 + suspend_bitmap = le32_to_cpu(status_priv->link_suspend_bitmap); 1615 1620 if (test_bit(hlid, (unsigned long *)&suspend_bitmap)) 1616 1621 return false; 1617 1622 ··· 1636 1631 u8 thold; 1637 1632 struct wl18xx_fw_status_priv *status_priv = 1638 1633 (struct wl18xx_fw_status_priv *)wl->fw_status->priv; 1639 - u32 suspend_bitmap = le32_to_cpu(status_priv->link_suspend_bitmap); 1634 + u32 suspend_bitmap; 1640 1635 1636 + /* if we don't have the link map yet, assume they all low prio */ 1637 + if (!status_priv) 1638 + return true; 1639 + 1640 + suspend_bitmap = le32_to_cpu(status_priv->link_suspend_bitmap); 1641 1641 if (test_bit(hlid, (unsigned long *)&suspend_bitmap)) 1642 1642 thold = status_priv->tx_suspend_threshold; 1643 1643 else if (test_bit(hlid, (unsigned long *)&wl->fw_fast_lnk_map) &&