Prechádzať zdrojové kódy

cnss2: fix the issue that NULL pointer may be referenced

Pointer 'plat_priv' returned from call to function
'cnss_get_plat_priv' may be NULL and may be passed to
another function that may reference it.

Change-Id: I5f8bad5efd0b728127f6f257882693a042d78223
CRs-Fixed: 3428657
Meng Yuan 2 rokov pred
rodič
commit
8eb1e1e993
2 zmenil súbory, kde vykonal 24 pridanie a 1 odobranie
  1. 23 1
      cnss2/main.c
  2. 1 0
      cnss2/main.h

+ 23 - 1
cnss2/main.c

@@ -150,6 +150,20 @@ struct cnss_plat_data *cnss_get_plat_priv(struct platform_device
 	return NULL;
 }
 
+struct cnss_plat_data *cnss_get_first_plat_priv(struct platform_device
+						 *plat_dev)
+{
+	int i;
+
+	if (!plat_dev) {
+		for (i = 0; i < plat_env_count; i++) {
+			if (plat_env[i])
+				return plat_env[i];
+		}
+	}
+	return NULL;
+}
+
 static void cnss_clear_plat_priv(struct cnss_plat_data *plat_priv)
 {
 	cnss_pr_dbg("Clear plat_priv at %d", plat_priv->plat_idx);
@@ -4551,9 +4565,17 @@ end:
 
 int cnss_wlan_hw_enable(void)
 {
-	struct cnss_plat_data *plat_priv = cnss_get_plat_priv(NULL);
+	struct cnss_plat_data *plat_priv;
 	int ret = 0;
 
+	if (cnss_is_dual_wlan_enabled())
+		plat_priv = cnss_get_first_plat_priv(NULL);
+	else
+		plat_priv = cnss_get_plat_priv(NULL);
+
+	if (!plat_priv)
+		return -ENODEV;
+
 	clear_bit(CNSS_WLAN_HW_DISABLED, &plat_priv->driver_state);
 
 	if (test_bit(CNSS_PCI_PROBE_DONE, &plat_priv->driver_state))

+ 1 - 0
cnss2/main.h

@@ -635,6 +635,7 @@ static inline u64 cnss_get_host_timestamp(struct cnss_plat_data *plat_priv)
 int cnss_wlan_hw_disable_check(struct cnss_plat_data *plat_priv);
 int cnss_wlan_hw_enable(void);
 struct cnss_plat_data *cnss_get_plat_priv(struct platform_device *plat_dev);
+struct cnss_plat_data *cnss_get_first_plat_priv(struct platform_device *plat_dev);
 void cnss_pm_stay_awake(struct cnss_plat_data *plat_priv);
 void cnss_pm_relax(struct cnss_plat_data *plat_priv);
 struct cnss_plat_data *cnss_get_plat_priv_by_rc_num(int rc_num);