samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Fix null pointer dereference in htt_t2h_lp_msg_handler

Browse Source 
Apparently netbufs_ring is initialized only when reordering is not fully
offloaded. When a message of type HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND
is sent, the driver does not check if reordering is offloaded.

Add a check, if reordering is offloaded, when a message of type
HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND is sent.

Change-Id: I303b52182d97aa8185c23ccd99c37a97fb75a3d2
CRs-Fixed: 2213216
This commit is contained in:
Alok Kumar
2018-04-25 12:37:25 +05:30
committed by nshrivas
parent 569a6e10f9
commit 19707a8b2f
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
core/dp/htt/htt_t2h.c
View File

@@ -247,6 +247,13 @@ static void htt_t2h_lp_msg_handler(void *context, qdf_nbuf_t htt_t2h_msg,
{ {
uint16_t msdu_cnt; uint16_t msdu_cnt;
if (!pdev->cfg.is_high_latency &&
pdev->cfg.is_full_reorder_offload) {
qdf_print("HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND not ");
qdf_print("supported when full reorder offload is ");
qdf_print("enabled in the configuration.\n");
break;
}
msdu_cnt = msdu_cnt =
HTT_RX_OFFLOAD_DELIVER_IND_MSDU_CNT_GET(*msg_word); HTT_RX_OFFLOAD_DELIVER_IND_MSDU_CNT_GET(*msg_word);
ol_rx_offload_deliver_ind_handler(pdev->txrx_pdev, ol_rx_offload_deliver_ind_handler(pdev->txrx_pdev,