From: Ping-Ke Shih <pkshih@realtek.com>
To: <kvalo@kernel.org>
Cc: <linux-wireless@vger.kernel.org>, <phhuang@realtek.com>,
<kevin_yang@realtek.com>
Subject: [PATCH 2/6] rtw89: fix null vif pointer when hw_scan fails
Date: Fri, 20 May 2022 15:17:27 +0800 [thread overview]
Message-ID: <20220520071731.38563-3-pkshih@realtek.com> (raw)
In-Reply-To: <20220520071731.38563-1-pkshih@realtek.com>
From: Po Hao Huang <phhuang@realtek.com>
Add this check to avoid crash by dereferencing a null pointer. When hwscan
fails due to no memory or dma failure, the scan flag in ieee80211_local is
cleared. So mac80211 determine that it's not hw_scan then calls
sw_scan_complete() with null vif, which is also freed during the fail.
Signed-off-by: Po Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
---
drivers/net/wireless/realtek/rtw89/core.c | 5 ++++-
drivers/net/wireless/realtek/rtw89/fw.c | 4 ++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c
index e24e133a94df6..958fe2787c6a1 100644
--- a/drivers/net/wireless/realtek/rtw89/core.c
+++ b/drivers/net/wireless/realtek/rtw89/core.c
@@ -2875,7 +2875,10 @@ void rtw89_core_scan_start(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif,
void rtw89_core_scan_complete(struct rtw89_dev *rtwdev,
struct ieee80211_vif *vif, bool hw_scan)
{
- struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
+ struct rtw89_vif *rtwvif = vif ? (struct rtw89_vif *)vif->drv_priv : NULL;
+
+ if (!rtwvif)
+ return;
ether_addr_copy(rtwvif->mac_addr, vif->addr);
rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL);
diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c
index 7fb4509a6c72a..2d9c3157d878c 100644
--- a/drivers/net/wireless/realtek/rtw89/fw.c
+++ b/drivers/net/wireless/realtek/rtw89/fw.c
@@ -2257,7 +2257,7 @@ static int rtw89_hw_scan_add_chan_list(struct rtw89_dev *rtwdev,
list_add_tail(&ch_info->list, &chan_list);
off_chan_time += ch_info->period;
}
- rtw89_fw_h2c_scan_list_offload(rtwdev, list_len, &chan_list);
+ ret = rtw89_fw_h2c_scan_list_offload(rtwdev, list_len, &chan_list);
out:
list_for_each_entry_safe(ch_info, tmp, &chan_list, list) {
@@ -2368,7 +2368,7 @@ int rtw89_hw_scan_offload(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
if (ret)
goto out;
}
- rtw89_fw_h2c_scan_offload(rtwdev, &opt, rtwvif);
+ ret = rtw89_fw_h2c_scan_offload(rtwdev, &opt, rtwvif);
out:
return ret;
}
--
2.25.1
next prev parent reply other threads:[~2022-05-20 7:18 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-20 7:17 [PATCH 0/6] rtw89: fix HW scan and complement some functions Ping-Ke Shih
2022-05-20 7:17 ` [PATCH 1/6] rtw89: fix channel inconsistency during hw_scan Ping-Ke Shih
2022-05-30 9:36 ` Kalle Valo
2022-05-20 7:17 ` Ping-Ke Shih [this message]
2022-05-20 7:17 ` [PATCH 3/6] rtw89: pci: handle hardware watchdog timeout interrupt status Ping-Ke Shih
2022-05-20 7:17 ` [PATCH 4/6] rtw89: 8852c: rfk: re-calibrate RX DCK once thermal changes a lot Ping-Ke Shih
2022-05-20 7:17 ` [PATCH 5/6] rtw89: sar: adjust and support SAR on 6GHz band Ping-Ke Shih
2022-05-20 7:17 ` [PATCH 6/6] rtw89: support MULTI_BSSID and correct BSSID mask of H2C Ping-Ke Shih
2022-05-30 9:35 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220520071731.38563-3-pkshih@realtek.com \
--to=pkshih@realtek.com \
--cc=kevin_yang@realtek.com \
--cc=kvalo@kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=phhuang@realtek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.