From ef1f0f90fcdac63be3bb5a62ef1b8bd3d3002a1c Mon Sep 17 00:00:00 2001
From: Krunal Soni
Date: Mon, 17 Sep 2018 21:09:55 -0700
Subject: [PATCH] qcacmn: check hal_ring pointer before servicing the ring

Do null check before servicing the ring. When dp_service_srngs() is common API which gets called when interrupt gets fired for any ring. Within this API, driver goes one by one to each ring and service the rings as it is not obvious from interrupt line that which particular service ring needs to be served. So race happens when rings are getting initialized and packet has been arrived to one of the rings. Due to dp_service_srngs() API's implementation, driver goes to one by one each ring without checking if all rings are initialized.
CRs-Fixed: 2310496
Change-Id: I3c8f668756c8d266abe082e8473d54cb4df9065e
---
 hal/wifi3.0/hal_api.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hal/wifi3.0/hal_api.h b/hal/wifi3.0/hal_api.h
index 312a077019..1fef362151 100644
--- a/hal/wifi3.0/hal_api.h
+++ b/hal/wifi3.0/hal_api.h
@@ -398,6 +398,11 @@ static inline int hal_srng_access_start(void *hal_soc, void *hal_ring)
 {
 struct hal_srng *srng = (struct hal_srng *)hal_ring;
 
+ if (qdf_unlikely(!hal_ring)) {
+ qdf_print("Error: Invalid hal_ring\n");
+ return -EINVAL;
+ }
+
 SRNG_LOCK(&(srng->lock));
 
 return hal_srng_access_start_unlocked(hal_soc, hal_ring);
@@ -801,6 +806,11 @@ static inline void hal_srng_access_end(void *hal_soc, void *hal_ring)
 {
 struct hal_srng *srng = (struct hal_srng *)hal_ring;
 
+ if (qdf_unlikely(!hal_ring)) {
+ qdf_print("Error: Invalid hal_ring\n");
+ return;
+ }
+
 hal_srng_access_end_unlocked(hal_soc, hal_ring);
 SRNG_UNLOCK(&(srng->lock));
 }
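Review bot: The `!hal_ring` test in hal_srng_access_start only catches a ring whose pointer has not been assigned yet. A ring that is already published but still being set up passes the check and `SRNG_LOCK(&(srng->lock))` then runs on it, so the race described in the commit message is presumably narrowed rather than closed; the init path is outside this diff, so how the pointer is published should be confirmed. The new `-EINVAL` return only helps if every caller checks it, and the function's header comment (outside the hunk) should state it, e.g. `-EINVAL if hal_ring is NULL`. This hunk and the hal_srng_access_end hunk print the same text from what the commit message describes as the interrupt service path. `qdf_print("%s: Invalid hal_ring\n", __func__);` plus some rate limiting would tell the two sites apart and keep a repeatedly firing interrupt from flooding the log.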
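Review bot: hal_srng_access_end returns void, so the early return on a NULL `hal_ring` hides the failure from the caller. Reaching this function with a NULL ring means the matching hal_srng_access_start already returned `-EINVAL` and the caller carried on; whatever it did with the ring between the two calls is not covered by this check (those call sites are outside the diff). I would document the contract above the function, e.g. `/* Call only after hal_srng_access_start() succeeded on the same ring. */`, and have callers skip the ring on a failed start rather than rely on this guard.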