[08/20] wifi: iwlwifi: mvm: add a few NULL pointer checks

Message ID	20230614123446.e47b0192c78f.I67fa9f07cd1c8b3bdc8db25f5e31c1c680c49745@changeid
State	New
Headers	show Return-Path: <linux-wireless-owner@vger.kernel.org> From: gregory.greenman@intel.com To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Johannes Berg <johannes.berg@intel.com>, Gregory Greenman <gregory.greenman@intel.com> Subject: [PATCH 08/20] wifi: iwlwifi: mvm: add a few NULL pointer checks Date: Wed, 14 Jun 2023 12:41:25 +0300 Message-Id: <20230614123446.e47b0192c78f.I67fa9f07cd1c8b3bdc8db25f5e31c1c680c49745@changeid> In-Reply-To: <20230614094137.379897-1-gregory.greenman@intel.com> References: <20230614094137.379897-1-gregory.greenman@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	wifi: iwlwifi: updates intended for v6.5 2023-06-14 \| expand [00/20] wifi: iwlwifi: updates intended for v6.5 2023-06-14 [01/20] wifi: iwlwifi: mvm: correctly access HE/EHT sband capa [02/20] wifi: iwlwifi: Correctly indicate support for VHT TX STBC [03/20] wifi: iwlwifi: fw: make some ACPI functions static [04/20] wifi: iwlwifi: mvm: use iwl_mvm_is_vendor_in_approved_list() [05/20] wifi: iwlwifi: pull from TXQs with softirqs disabled [06/20] wifi: iwlwifi: pcie: double-check ACK interrupt after timeout [07/20] wifi: iwlwifi: fw: Add new FSEQ defines to fw dump [08/20] wifi: iwlwifi: mvm: add a few NULL pointer checks [09/20] wifi: iwlwifi: mvm: check link during TX [10/20] wifi: iwlwifi: mvm: disable new TX csum mode completely [11/20] wifi: iwlwifi: mvm: store WMM params per link [12/20] wifi: iwlwifi: use array as array argument [13/20] wifi: iwlwifi: mvm: always send spec link ID in link commands [14/20] wifi: iwlwifi: add some FW misbehaviour check infrastructure [15/20] wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() [16/20] wifi: iwlwifi: implement WPFC ACPI table loading [17/20] wifi: iwlwifi: mvm: track u-APSD misbehaving AP by AP address [18/20] wifi: iwlwifi: mvm: Validate tid is in valid range before using it [19/20] wifi: iwlwifi: Validate slots_num before allocating memory [20/20] wifi: iwlwifi: add a few rate index validity checks

Message ID

20230614123446.e47b0192c78f.I67fa9f07cd1c8b3bdc8db25f5e31c1c680c49745@changeid

State

New

Headers

From: gregory.greenman@intel.com
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org,
        Johannes Berg <johannes.berg@intel.com>,
        Gregory Greenman <gregory.greenman@intel.com>
Subject: [PATCH 08/20] wifi: iwlwifi: mvm: add a few NULL pointer checks
Date: Wed, 14 Jun 2023 12:41:25 +0300
Message-Id: 
 <20230614123446.e47b0192c78f.I67fa9f07cd1c8b3bdc8db25f5e31c1c680c49745@changeid>
In-Reply-To: <20230614094137.379897-1-gregory.greenman@intel.com>
References: <20230614094137.379897-1-gregory.greenman@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

wifi: iwlwifi: updates intended for v6.5 2023-06-14 | expand

Commit Message

Greenman, Gregory June 14, 2023, 9:41 a.m. UTC

From: Johannes Berg <johannes.berg@intel.com>

We've observed that in some botched firmware restart scenarios
when the firmware crashes again while we're reconfiguring, we
can hit NULL pointer crashes here. The underlying issue is the
botched restart which we need to fix separately, but until we
can do that, don't crash hard here.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
---
 drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 6 +++++-
 drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c  | 8 +++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
index 059ede6f7b65..954ea9ac8e5b 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
@@ -1,6 +1,6 @@ 
 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
 /*
- * Copyright (C) 2012-2014, 2018-2022 Intel Corporation
+ * Copyright (C) 2012-2014, 2018-2023 Intel Corporation
  * Copyright (C) 2013-2014 Intel Mobile Communications GmbH
  * Copyright (C) 2015-2017 Intel Deutschland GmbH
  */
@@ -1111,6 +1111,10 @@  static int iwl_mvm_mac_ctxt_send_beacon_v9(struct iwl_mvm *mvm,
 
 	beacon_cmd.flags = cpu_to_le16(flags);
 	beacon_cmd.byte_cnt = cpu_to_le16((u16)beacon->len);
+
+	if (WARN_ON(!mvmvif->link[link_conf->link_id]))
+		return -EINVAL;
+
 	if (iwl_fw_lookup_cmd_ver(mvm->fw, BEACON_TEMPLATE_CMD, 0) > 12)
 		beacon_cmd.link_id =
 			cpu_to_le32(mvmvif->link[link_conf->link_id]->fw_link_id);
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c
index bb8868cd4396..524852cf5cd2 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c
@@ -1,6 +1,6 @@ 
 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
 /*
- * Copyright (C) 2022 Intel Corporation
+ * Copyright (C) 2022-2023 Intel Corporation
  */
 #include "mvm.h"
 #include "time-sync.h"
@@ -369,6 +369,9 @@  int iwl_mvm_mld_rm_bcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 
 	lockdep_assert_held(&mvm->mutex);
 
+	if (WARN_ON(!link))
+		return -EIO;
+
 	switch (vif->type) {
 	case NL80211_IFTYPE_AP:
 	case NL80211_IFTYPE_ADHOC:
@@ -398,6 +401,9 @@  int iwl_mvm_mld_rm_mcast_sta(struct iwl_mvm *mvm, struct ieee80211_vif *vif,
 
 	lockdep_assert_held(&mvm->mutex);
 
+	if (WARN_ON(!link))
+		return -EIO;
+
 	return iwl_mvm_mld_rm_int_sta(mvm, &link->mcast_sta, true, 0,
 				      &link->cab_queue);
 }

[08/20] wifi: iwlwifi: mvm: add a few NULL pointer checks

Commit Message

Patch