summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEyal Shapira <eyal@wizery.com>2013-12-23 16:26:41 +0200
committerEmmanuel Grumbach <emmanuel.grumbach@intel.com>2013-12-31 19:03:52 +0200
commit80e9e5cd265af43cc51948125317c40f0988013b (patch)
tree82a63c92721c2d769ac4cd05bb4bcc20cd4deb1f
parent6e97b0d2984a7f80b1d6ba4f62d84d2ce8106069 (diff)
downloadlwn-80e9e5cd265af43cc51948125317c40f0988013b.tar.gz
lwn-80e9e5cd265af43cc51948125317c40f0988013b.zip
iwlwifi: mvm: rs: fix a potential NULL deref
Found by klocwork analysis. mvm could be NULL which may cause a NULL dereference in a theoretical call flow rs_fill_lq_cmd(mvm = NULL, ...) rs_build_rates_table rs_fill_rates_for_column ucode_rate_from_rs_rate IWL_ERR(mvm,...) No real reason for passing NULL to rs_fill_lq_cmd so fix that. Reported-by: Eytan Lifshitz <eytan.lifshitz@intel.com> Signed-off-by: Eyal Shapira <eyal@wizery.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-rw-r--r--drivers/net/wireless/iwlwifi/mvm/rs.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c
index 269fa0a4a382..b7668dc3acbb 100644
--- a/drivers/net/wireless/iwlwifi/mvm/rs.c
+++ b/drivers/net/wireless/iwlwifi/mvm/rs.c
@@ -2121,7 +2121,7 @@ static void rs_initialize_lq(struct iwl_mvm *mvm,
tbl->column = RS_COLUMN_LEGACY_ANT_B;
rs_set_expected_tpt_table(lq_sta, tbl);
- rs_fill_lq_cmd(NULL, NULL, lq_sta, rate);
+ rs_fill_lq_cmd(mvm, sta, lq_sta, rate);
/* TODO restore station should remember the lq cmd */
iwl_mvm_send_lq_cmd(mvm, &lq_sta->lq, init);
}
@@ -2448,8 +2448,7 @@ static void rs_build_rates_table(struct iwl_mvm *mvm,
memcpy(&rate, initial_rate, sizeof(rate));
- if (mvm)
- valid_tx_ant = iwl_fw_valid_tx_ant(mvm->fw);
+ valid_tx_ant = iwl_fw_valid_tx_ant(mvm->fw);
if (is_siso(&rate)) {
num_rates = RS_INITIAL_SISO_NUM_RATES;
@@ -2623,7 +2622,7 @@ static void rs_program_fix_rate(struct iwl_mvm *mvm,
struct rs_rate rate;
rs_rate_from_ucode_rate(lq_sta->dbg_fixed_rate,
lq_sta->band, &rate);
- rs_fill_lq_cmd(NULL, NULL, lq_sta, &rate);
+ rs_fill_lq_cmd(mvm, NULL, lq_sta, &rate);
iwl_mvm_send_lq_cmd(lq_sta->drv, &lq_sta->lq, false);
}
}