|
 |
56e3f4 |
From b18c6b7bcb369bd7dc222cc40c7264a6b5c4fa44 Mon Sep 17 00:00:00 2001
|
|
|
56e3f4 |
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@redhat.com>
|
|
|
56e3f4 |
Date: Fri, 21 Jan 2022 08:49:02 +0100
|
|
|
56e3f4 |
Subject: [PATCH 09/36] rtw89: Fix variable dereferenced before check 'sta'
|
|
|
56e3f4 |
MIME-Version: 1.0
|
|
|
56e3f4 |
Content-Type: text/plain; charset=UTF-8
|
|
|
56e3f4 |
Content-Transfer-Encoding: 8bit
|
|
|
56e3f4 |
|
|
|
56e3f4 |
Bugzilla: http://bugzilla.redhat.com/2033291
|
|
|
56e3f4 |
|
|
|
56e3f4 |
commit 5d44f0672319c19a41ff0e0e4f0d64164cf9752b
|
|
|
56e3f4 |
Author: Ping-Ke Shih <pkshih@realtek.com>
|
|
|
56e3f4 |
Date: Fri Oct 22 14:12:42 2021 +0800
|
|
|
56e3f4 |
|
|
|
56e3f4 |
rtw89: Fix variable dereferenced before check 'sta'
|
|
|
56e3f4 |
|
|
|
56e3f4 |
The pointer rtwsta is dereferencing pointer sta before sta is being null
|
|
|
56e3f4 |
checked. Fix this by assigning sta->drv_priv to rtwsta only if sta is not
|
|
|
56e3f4 |
NULL, otherwise just NULL.
|
|
|
56e3f4 |
|
|
|
56e3f4 |
Fixes: e3ec7017f6a2 ("rtw89: add Realtek 802.11ax driver")
|
|
|
56e3f4 |
Reported-by: Colin Ian King <colin.king@canonical.com>
|
|
|
56e3f4 |
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
|
|
|
56e3f4 |
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
|
56e3f4 |
Link: https://lore.kernel.org/r/20211022061242.8383-1-pkshih@realtek.com
|
|
|
56e3f4 |
|
|
|
56e3f4 |
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
|
|
|
56e3f4 |
---
|
|
|
56e3f4 |
drivers/net/wireless/realtek/rtw89/core.c | 6 +++---
|
|
|
56e3f4 |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
56e3f4 |
|
|
|
56e3f4 |
diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c
|
|
|
56e3f4 |
index 06fb6e5b1b37..d02ec5a735cb 100644
|
|
|
56e3f4 |
--- a/drivers/net/wireless/realtek/rtw89/core.c
|
|
|
56e3f4 |
+++ b/drivers/net/wireless/realtek/rtw89/core.c
|
|
|
56e3f4 |
@@ -1412,7 +1412,7 @@ static void rtw89_core_ba_work(struct work_struct *work)
|
|
|
56e3f4 |
list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->ba_list, list) {
|
|
|
56e3f4 |
struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
|
|
|
56e3f4 |
struct ieee80211_sta *sta = txq->sta;
|
|
|
56e3f4 |
- struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
|
|
|
56e3f4 |
+ struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
|
|
|
56e3f4 |
u8 tid = txq->tid;
|
|
|
56e3f4 |
|
|
|
56e3f4 |
if (!sta) {
|
|
|
56e3f4 |
@@ -1462,7 +1462,7 @@ static void rtw89_core_txq_check_agg(struct rtw89_dev *rtwdev,
|
|
|
56e3f4 |
struct ieee80211_hw *hw = rtwdev->hw;
|
|
|
56e3f4 |
struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
|
|
|
56e3f4 |
struct ieee80211_sta *sta = txq->sta;
|
|
|
56e3f4 |
- struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
|
|
|
56e3f4 |
+ struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
|
|
|
56e3f4 |
|
|
|
56e3f4 |
if (unlikely(skb_get_queue_mapping(skb) == IEEE80211_AC_VO))
|
|
|
56e3f4 |
return;
|
|
|
56e3f4 |
@@ -1534,7 +1534,7 @@ static bool rtw89_core_txq_agg_wait(struct rtw89_dev *rtwdev,
|
|
|
56e3f4 |
{
|
|
|
56e3f4 |
struct rtw89_txq *rtwtxq = (struct rtw89_txq *)txq->drv_priv;
|
|
|
56e3f4 |
struct ieee80211_sta *sta = txq->sta;
|
|
|
56e3f4 |
- struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
|
|
|
56e3f4 |
+ struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
|
|
|
56e3f4 |
|
|
|
56e3f4 |
if (!sta || rtwsta->max_agg_wait <= 0)
|
|
|
56e3f4 |
return false;
|
|
|
56e3f4 |
--
|
|
|
56e3f4 |
2.13.6
|
|
|
56e3f4 |
|