From 2a92459208b01516eab46b2409c61ae9526b9b5f Mon Sep 17 00:00:00 2001
From: Himanshu Agarwal
Date: Thu, 30 Jun 2016 18:04:14 +0530
Subject: [PATCH] qcacmn: Add NULL checks before dereferencing Add NULL checks before dereferencing in: 1) HIF layer 2) WMI layer.
Change-Id: I47c5d18ae7841826d958d742283edb0bd6d246b7
CRs-Fixed: 1036390
---
 hif/src/ce/ce_main.c | 6 +++++-
 hif/src/ce/ce_tasklet.c | 4 +++-
 hif/src/hif_napi.c | 5 ++---
 hif/src/pcie/if_pci.c | 3 ++-
 wmi/src/wmi_unified_tlv.c | 5 +++++
 5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/hif/src/ce/ce_main.c b/hif/src/ce/ce_main.c
index fdc6261c3f..60ff55618e 100644
--- a/hif/src/ce/ce_main.c
+++ b/hif/src/ce/ce_main.c
@@ -2230,7 +2230,11 @@ int hif_ce_fastpath_cb_register(struct hif_opaque_softc *hif_ctx,
 struct hif_softc *scn = HIF_GET_SOFTC(hif_ctx);
 int i;
- QDF_ASSERT(scn != NULL);
+ if (!scn) {
+ HIF_ERROR("%s: scn is NULL", __func__);
+ QDF_ASSERT(0);
+ return QDF_STATUS_E_FAILURE;
+ }
 if (!scn->fastpath_mode_on) {
 HIF_WARN("%s: Fastpath mode disabled", __func__);
diff --git a/hif/src/ce/ce_tasklet.c b/hif/src/ce/ce_tasklet.c
index c03a695847..f393f3f7da 100644
--- a/hif/src/ce/ce_tasklet.c
+++ b/hif/src/ce/ce_tasklet.c
@@ -381,13 +381,15 @@ const char *ce_name[ICNSS_MAX_IRQ_REGISTRATIONS] = {
 QDF_STATUS ce_unregister_irq(struct HIF_CE_state *hif_ce_state, uint32_t mask)
 {
 int id;
- int ce_count = HIF_GET_SOFTC(hif_ce_state)->ce_count;
+ int ce_count;
 int ret;
 if (hif_ce_state == NULL) {
 HIF_WARN("%s: hif_ce_state = NULL", __func__);
 return QDF_STATUS_SUCCESS;
 }
+
+ ce_count = HIF_GET_SOFTC(hif_ce_state)->ce_count;
 for (id = 0; id < ce_count; id++) {
 if ((mask & (1 << id)) && hif_ce_state->tasklets[id].inited) {
 ret = icnss_ce_free_irq(id,
diff --git a/hif/src/hif_napi.c b/hif/src/hif_napi.c
index e532601882..0f14ab26fb 100644
--- a/hif/src/hif_napi.c
+++ b/hif/src/hif_napi.c
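Review bot: The new early exit in the ce_main.c hunk returns `QDF_STATUS_E_FAILURE` from `hif_ce_fastpath_cb_register()`, which the hunk header shows is declared to return `int`. The other return paths are outside the hunk; if callers test the result as a negative errno, a QDF status value could be misread, so return the same error form the rest of the function uses or change the return type to `QDF_STATUS`. `QDF_ASSERT(0)` sits between the log and the return, so the graceful path only runs where the assert does not halt; a comment such as `/* QDF_ASSERT may be compiled out; still fail the call */` would make that intent explicit.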
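Review bot: In the ce_tasklet.c hunk, `ce_count` is now read after the NULL test but is still used unchecked as the bound for both `hif_ce_state->tasklets[id]` and the shift in `mask & (1 << id)`. Its range is not visible here; if it can reach 31 or more the signed shift is undefined, and if it can exceed the size of `tasklets[]` the loop reads past the array. Consider `mask & (1U << id)` and clamping the loop to the array size. The NULL branch also returns `QDF_STATUS_SUCCESS`, so a caller cannot tell that nothing was unregistered. The loop body continues outside the hunk.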
@@ -454,9 +454,8 @@ int hif_napi_poll(struct hif_opaque_softc *hif_ctx, struct napi_struct *napi,
 if (NULL != hif) {
 ce_state = hif->ce_id_to_state[NAPI_ID2PIPE(napi_info->id)];
- if (ce_state->lro_flush_cb != NULL) {
+ if (ce_state && ce_state->lro_flush_cb)
 ce_state->lro_flush_cb(ce_state->lro_data);
- }
 }
 /* do not return 0, if there was some work done,
@@ -472,7 +471,7 @@ int hif_napi_poll(struct hif_opaque_softc *hif_ctx, struct napi_struct *napi,
 NAPI_DEBUG("%s:%d: nothing processed by CE. Completing NAPI", __func__, __LINE__);
- if ((ce_state != NULL && !ce_check_rx_pending(ce_state)) || 0 == rc) {
+ if (ce_state && (!ce_check_rx_pending(ce_state) || 0 == rc)) {
 napi_info->stats[cpu].napi_completes++;
 hif_record_ce_desc_event(hif, ce_state->id, NAPI_COMPLETE,
diff --git a/hif/src/pcie/if_pci.c b/hif/src/pcie/if_pci.c
index 6e4c29f1c3..0fa619cd50 100644
--- a/hif/src/pcie/if_pci.c
+++ b/hif/src/pcie/if_pci.c
@@ -2433,7 +2433,7 @@ void hif_pci_nointrs(struct hif_softc *scn)
 void hif_pci_disable_bus(struct hif_softc *scn)
 {
 struct hif_pci_softc *sc = HIF_GET_PCI_SOFTC(scn);
- struct pci_dev *pdev = sc->pdev;
+ struct pci_dev *pdev;
 void __iomem *mem;
 /* Attach did not succeed, all resources have been
@@ -2442,6 +2442,7 @@ void hif_pci_disable_bus(struct hif_softc *scn)
 if (!sc)
 return;
+ pdev = sc->pdev;
 if (ADRASTEA_BU) {
 hif_write32_mb(sc->mem + PCIE_INTR_ENABLE_ADDRESS, 0);
 hif_write32_mb(sc->mem + PCIE_INTR_CLR_ADDRESS,
diff --git a/wmi/src/wmi_unified_tlv.c b/wmi/src/wmi_unified_tlv.c
index 10864c4abe..775123100d 100644
--- a/wmi/src/wmi_unified_tlv.c
+++ b/wmi/src/wmi_unified_tlv.c
@@ -5887,6 +5887,11 @@ QDF_STATUS send_process_ll_stats_get_cmd_tlv(wmi_unified_t wmi_handle,
 len = sizeof(*cmd);
 buf = wmi_buf_alloc(wmi_handle, len);
+ if (!buf) {
+ WMI_LOGE("%s: buf allocation failed", __func__);
+ return QDF_STATUS_E_NOMEM;
+ }
+
 buf_ptr = (uint8_t *) wmi_buf_data(buf);
 qdf_mem_zero(buf_ptr, len);
 cmd = (wmi_request_link_stats_cmd_fixed_param *) buf_ptr;
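Review bot: With the regrouped condition `if (ce_state && (!ce_check_rx_pending(ce_state) || 0 == rc))` in the second hif_napi.c hunk, a NULL `ce_state` now skips the whole completion branch, including the `0 == rc` case that the old expression still entered. That removes the NULL dereference at `ce_state->id`, but it may leave the NAPI instance uncompleted when nothing was processed; the rest of the branch is outside the hunk, so confirm this is intended. If completion must still happen, keep `0 == rc` outside the NULL test and guard only the `hif_record_ce_desc_event()` call. A short comment on the condition stating which case is deliberately dropped would help the next reader.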
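Review bot: The `if (!sc) return;` guard in `hif_pci_disable_bus()` tests the pointer produced by `HIF_GET_PCI_SOFTC(scn)`, not `scn` itself. The macro's definition is not on this page; if it is a cast or a container offset, a NULL `scn` yields NULL only when the offset is zero, so testing `scn` directly, `if (!scn) return;`, is the more robust form. The same applies to `scn = HIF_GET_SOFTC(hif_ctx)` followed by `if (!scn)` in `hif_ce_fastpath_cb_register()` in ce_main.c. This early return is also silent, unlike the logged NULL paths added in the other hunks.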