qcacmn: Add NULL checks before dereferencing
Add NULL checks before dereferencing in: 1) HIF layer 2) WMI layer. Change-Id: I47c5d18ae7841826d958d742283edb0bd6d246b7 CRs-Fixed: 1036390
This commit is contained in:
Himanshu Agarwal
committed by
Nandini Suresh
Nandini Suresh
parent
c2611a2c80
commit
2a92459208
@@ -2230,7 +2230,11 @@ int hif_ce_fastpath_cb_register(struct hif_opaque_softc *hif_ctx,
|
|||||||
struct hif_softc *scn = HIF_GET_SOFTC(hif_ctx);
|
struct hif_softc *scn = HIF_GET_SOFTC(hif_ctx);
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
QDF_ASSERT(scn != NULL);
|
if (!scn) {
|
||||||
|
HIF_ERROR("%s: scn is NULL", __func__);
|
||||||
|
QDF_ASSERT(0);
|
||||||
|
return QDF_STATUS_E_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
if (!scn->fastpath_mode_on) {
|
if (!scn->fastpath_mode_on) {
|
||||||
HIF_WARN("%s: Fastpath mode disabled", __func__);
|
HIF_WARN("%s: Fastpath mode disabled", __func__);
|
||||||
|
|||||||
@@ -381,13 +381,15 @@ const char *ce_name[ICNSS_MAX_IRQ_REGISTRATIONS] = {
|
|||||||
QDF_STATUS ce_unregister_irq(struct HIF_CE_state *hif_ce_state, uint32_t mask)
|
QDF_STATUS ce_unregister_irq(struct HIF_CE_state *hif_ce_state, uint32_t mask)
|
||||||
{
|
{
|
||||||
int id;
|
int id;
|
||||||
int ce_count = HIF_GET_SOFTC(hif_ce_state)->ce_count;
|
int ce_count;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (hif_ce_state == NULL) {
|
if (hif_ce_state == NULL) {
|
||||||
HIF_WARN("%s: hif_ce_state = NULL", __func__);
|
HIF_WARN("%s: hif_ce_state = NULL", __func__);
|
||||||
return QDF_STATUS_SUCCESS;
|
return QDF_STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ce_count = HIF_GET_SOFTC(hif_ce_state)->ce_count;
|
||||||
for (id = 0; id < ce_count; id++) {
|
for (id = 0; id < ce_count; id++) {
|
||||||
if ((mask & (1 << id)) && hif_ce_state->tasklets[id].inited) {
|
if ((mask & (1 << id)) && hif_ce_state->tasklets[id].inited) {
|
||||||
ret = icnss_ce_free_irq(id,
|
ret = icnss_ce_free_irq(id,
|
||||||
|
|||||||
@@ -454,9 +454,8 @@ int hif_napi_poll(struct hif_opaque_softc *hif_ctx, struct napi_struct *napi,
|
|||||||
|
|
||||||
if (NULL != hif) {
|
if (NULL != hif) {
|
||||||
ce_state = hif->ce_id_to_state[NAPI_ID2PIPE(napi_info->id)];
|
ce_state = hif->ce_id_to_state[NAPI_ID2PIPE(napi_info->id)];
|
||||||
if (ce_state->lro_flush_cb != NULL) {
|
if (ce_state && ce_state->lro_flush_cb)
|
||||||
ce_state->lro_flush_cb(ce_state->lro_data);
|
ce_state->lro_flush_cb(ce_state->lro_data);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* do not return 0, if there was some work done,
|
/* do not return 0, if there was some work done,
|
||||||
@@ -472,7 +471,7 @@ int hif_napi_poll(struct hif_opaque_softc *hif_ctx, struct napi_struct *napi,
|
|||||||
NAPI_DEBUG("%s:%d: nothing processed by CE. Completing NAPI",
|
NAPI_DEBUG("%s:%d: nothing processed by CE. Completing NAPI",
|
||||||
__func__, __LINE__);
|
__func__, __LINE__);
|
||||||
|
|
||||||
if ((ce_state != NULL && !ce_check_rx_pending(ce_state)) || 0 == rc) {
|
if (ce_state && (!ce_check_rx_pending(ce_state) || 0 == rc)) {
|
||||||
napi_info->stats[cpu].napi_completes++;
|
napi_info->stats[cpu].napi_completes++;
|
||||||
|
|
||||||
hif_record_ce_desc_event(hif, ce_state->id, NAPI_COMPLETE,
|
hif_record_ce_desc_event(hif, ce_state->id, NAPI_COMPLETE,
|
||||||
|
|||||||
@@ -2433,7 +2433,7 @@ void hif_pci_nointrs(struct hif_softc *scn)
|
|||||||
void hif_pci_disable_bus(struct hif_softc *scn)
|
void hif_pci_disable_bus(struct hif_softc *scn)
|
||||||
{
|
{
|
||||||
struct hif_pci_softc *sc = HIF_GET_PCI_SOFTC(scn);
|
struct hif_pci_softc *sc = HIF_GET_PCI_SOFTC(scn);
|
||||||
struct pci_dev *pdev = sc->pdev;
|
struct pci_dev *pdev;
|
||||||
void __iomem *mem;
|
void __iomem *mem;
|
||||||
|
|
||||||
/* Attach did not succeed, all resources have been
|
/* Attach did not succeed, all resources have been
|
||||||
@@ -2442,6 +2442,7 @@ void hif_pci_disable_bus(struct hif_softc *scn)
|
|||||||
if (!sc)
|
if (!sc)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
pdev = sc->pdev;
|
||||||
if (ADRASTEA_BU) {
|
if (ADRASTEA_BU) {
|
||||||
hif_write32_mb(sc->mem + PCIE_INTR_ENABLE_ADDRESS, 0);
|
hif_write32_mb(sc->mem + PCIE_INTR_ENABLE_ADDRESS, 0);
|
||||||
hif_write32_mb(sc->mem + PCIE_INTR_CLR_ADDRESS,
|
hif_write32_mb(sc->mem + PCIE_INTR_CLR_ADDRESS,
|
||||||
|
|||||||
@@ -5887,6 +5887,11 @@ QDF_STATUS send_process_ll_stats_get_cmd_tlv(wmi_unified_t wmi_handle,
|
|||||||
len = sizeof(*cmd);
|
len = sizeof(*cmd);
|
||||||
buf = wmi_buf_alloc(wmi_handle, len);
|
buf = wmi_buf_alloc(wmi_handle, len);
|
||||||
|
|
||||||
|
if (!buf) {
|
||||||
|
WMI_LOGE("%s: buf allocation failed", __func__);
|
||||||
|
return QDF_STATUS_E_NOMEM;
|
||||||
|
}
|
||||||
|
|
||||||
buf_ptr = (uint8_t *) wmi_buf_data(buf);
|
buf_ptr = (uint8_t *) wmi_buf_data(buf);
|
||||||
qdf_mem_zero(buf_ptr, len);
|
qdf_mem_zero(buf_ptr, len);
|
||||||
cmd = (wmi_request_link_stats_cmd_fixed_param *) buf_ptr;
|
cmd = (wmi_request_link_stats_cmd_fixed_param *) buf_ptr;
|
||||||
|
|||||||
Reference in New Issue
Block a user