Inicio Explorar Axuda
Iniciar sesión
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

qcacld-3.0: Fix null pointer dereference in htt_t2h_lp_msg_handler

Apparently netbufs_ring is initialized only when reordering is not fully
offloaded. When a message of type HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND
is sent, the driver does not check if reordering is offloaded.

Add a check, if reordering is offloaded, when a message of type
HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND is sent.

Change-Id: I303b52182d97aa8185c23ccd99c37a97fb75a3d2
CRs-Fixed: 2213216
Alok Kumar %!s(int64=7) %!d(string=hai) anos
pai
569a6e10f9
achega
19707a8b2f
Modificáronse 1 ficheiros con 7 adicións e 0 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 7 0
      core/dp/htt/htt_t2h.c

+ 7 - 0
core/dp/htt/htt_t2h.c
Ver ficheiro 

@@ -247,6 +247,13 @@ static void htt_t2h_lp_msg_handler(void *context, qdf_nbuf_t htt_t2h_msg,
 
 	{
 
 		uint16_t msdu_cnt;
 
 
+		if (!pdev->cfg.is_high_latency &&
 
+		    pdev->cfg.is_full_reorder_offload) {
 
+			qdf_print("HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND not ");
 
+			qdf_print("supported when full reorder offload is ");
 
+			qdf_print("enabled in the configuration.\n");
 
+			break;
 
+		}
 
 		msdu_cnt =
 
 			HTT_RX_OFFLOAD_DELIVER_IND_MSDU_CNT_GET(*msg_word);
 
 		ol_rx_offload_deliver_ind_handler(pdev->txrx_pdev,