Startsida Utforska Hjälp
Logga in
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Bläddra i källkod

qcacmn: Add NULL checks before dereferencing

Add NULL checks before dereferencing in:
1) HIF layer
2) WMI layer.

Change-Id: I47c5d18ae7841826d958d742283edb0bd6d246b7
CRs-Fixed: 1036390
Himanshu Agarwal 8 år sedan
förälder
c2611a2c80
incheckning
2a92459208
5 ändrade filer med 17 tillägg och 6 borttagningar
Delad Vy Visa Diff Statistik
  1. 5 1
      hif/src/ce/ce_main.c
  2. 3 1
      hif/src/ce/ce_tasklet.c
  3. 2 3
      hif/src/hif_napi.c
  4. 2 1
      hif/src/pcie/if_pci.c
  5. 5 0
      wmi/src/wmi_unified_tlv.c

+ 5 - 1
hif/src/ce/ce_main.c
Visa fil 

@@ -2230,7 +2230,11 @@ int hif_ce_fastpath_cb_register(struct hif_opaque_softc *hif_ctx,
 
 	struct hif_softc *scn = HIF_GET_SOFTC(hif_ctx);
 
 	int i;
 
 
-	QDF_ASSERT(scn != NULL);
 
+	if (!scn) {
 
+		HIF_ERROR("%s: scn is NULL", __func__);
 
+		QDF_ASSERT(0);
 
+		return QDF_STATUS_E_FAILURE;
 
+	}
 
 
 	if (!scn->fastpath_mode_on) {
 
 		HIF_WARN("%s: Fastpath mode disabled", __func__);

+ 3 - 1
hif/src/ce/ce_tasklet.c
Visa fil 

@@ -381,13 +381,15 @@ const char *ce_name[ICNSS_MAX_IRQ_REGISTRATIONS] = {
 
 QDF_STATUS ce_unregister_irq(struct HIF_CE_state *hif_ce_state, uint32_t mask)
 
 {
 
 	int id;
 
-	int ce_count = HIF_GET_SOFTC(hif_ce_state)->ce_count;
 
+	int ce_count;
 
 	int ret;
 
 
 	if (hif_ce_state == NULL) {
 
 		HIF_WARN("%s: hif_ce_state = NULL", __func__);
 
 		return QDF_STATUS_SUCCESS;
 
 	}
 
+
 
+	ce_count = HIF_GET_SOFTC(hif_ce_state)->ce_count;
 
 	for (id = 0; id < ce_count; id++) {
 
 		if ((mask & (1 << id)) && hif_ce_state->tasklets[id].inited) {
 
 			ret = icnss_ce_free_irq(id,

+ 2 - 3
hif/src/hif_napi.c
Visa fil 

@@ -454,9 +454,8 @@ int hif_napi_poll(struct hif_opaque_softc *hif_ctx, struct napi_struct *napi,
 
 
 	if (NULL != hif) {
 
 		ce_state = hif->ce_id_to_state[NAPI_ID2PIPE(napi_info->id)];
 
-		if (ce_state->lro_flush_cb != NULL) {
 
+		if (ce_state && ce_state->lro_flush_cb)
 
 			ce_state->lro_flush_cb(ce_state->lro_data);
 
-		}
 
 	}
 
 
 	/* do not return 0, if there was some work done,
 
@@ -472,7 +471,7 @@ int hif_napi_poll(struct hif_opaque_softc *hif_ctx, struct napi_struct *napi,
 
 		NAPI_DEBUG("%s:%d: nothing processed by CE. Completing NAPI",
 
 			   __func__, __LINE__);
 
 
-	if ((ce_state != NULL && !ce_check_rx_pending(ce_state)) || 0 == rc) {
 
+	if (ce_state && (!ce_check_rx_pending(ce_state) || 0 == rc)) {
 
 		napi_info->stats[cpu].napi_completes++;
 
 
 		hif_record_ce_desc_event(hif, ce_state->id, NAPI_COMPLETE,

+ 2 - 1
hif/src/pcie/if_pci.c
Visa fil 

@@ -2433,7 +2433,7 @@ void hif_pci_nointrs(struct hif_softc *scn)
 
 void hif_pci_disable_bus(struct hif_softc *scn)
 
 {
 
 	struct hif_pci_softc *sc = HIF_GET_PCI_SOFTC(scn);
 
-	struct pci_dev *pdev = sc->pdev;
 
+	struct pci_dev *pdev;
 
 	void __iomem *mem;
 
 
 	/* Attach did not succeed, all resources have been
 
@@ -2442,6 +2442,7 @@ void hif_pci_disable_bus(struct hif_softc *scn)
 
 	if (!sc)
 
 		return;
 
 
+	pdev = sc->pdev;
 
 	if (ADRASTEA_BU) {
 
 		hif_write32_mb(sc->mem + PCIE_INTR_ENABLE_ADDRESS, 0);
 
 		hif_write32_mb(sc->mem + PCIE_INTR_CLR_ADDRESS,

+ 5 - 0
wmi/src/wmi_unified_tlv.c
Visa fil 

@@ -5887,6 +5887,11 @@ QDF_STATUS send_process_ll_stats_get_cmd_tlv(wmi_unified_t wmi_handle,
 
 	len = sizeof(*cmd);
 
 	buf = wmi_buf_alloc(wmi_handle, len);
 
 
+	if (!buf) {
 
+		WMI_LOGE("%s: buf allocation failed", __func__);
 
+		return QDF_STATUS_E_NOMEM;
 
+	}
 
+
 
 	buf_ptr = (uint8_t *) wmi_buf_data(buf);
 
 	qdf_mem_zero(buf_ptr, len);
 
 	cmd = (wmi_request_link_stats_cmd_fixed_param *) buf_ptr;