From: Luca Coelho <luca@coelho.fi>
To: kvalo@codeaurora.org
Cc: linux-wireless@vger.kernel.org
Subject: [PATCH for v5.11 07/12] iwlwifi: queue: don't crash if txq->entries is NULL
Date: Fri, 15 Jan 2021 13:05:53 +0200 [thread overview]
Message-ID: <iwlwifi.20210115130252.173359fc236d.I75c7c2397d20df8d7fbc24cb16a5232d5c551889@changeid> (raw)
In-Reply-To: <20210115110558.1248847-1-luca@coelho.fi>
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
The code was really awkward, we would first dereference
txq->entries when calling iwl_txq_genX_tfd_unmap and then
we would check that txq->entries is non-NULL.
Fix that by exiting if txq->entries is NULL.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
drivers/net/wireless/intel/iwlwifi/queue/tx.c | 49 +++++++++----------
1 file changed, 24 insertions(+), 25 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/queue/tx.c b/drivers/net/wireless/intel/iwlwifi/queue/tx.c
index 27eea909e32d..62c0c4cbe481 100644
--- a/drivers/net/wireless/intel/iwlwifi/queue/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/queue/tx.c
@@ -142,26 +142,25 @@ void iwl_txq_gen2_free_tfd(struct iwl_trans *trans, struct iwl_txq *txq)
* idx is bounded by n_window
*/
int idx = iwl_txq_get_cmd_index(txq, txq->read_ptr);
+ struct sk_buff *skb;
lockdep_assert_held(&txq->lock);
+ if (!txq->entries)
+ return;
+
iwl_txq_gen2_tfd_unmap(trans, &txq->entries[idx].meta,
iwl_txq_get_tfd(trans, txq, idx));
- /* free SKB */
- if (txq->entries) {
- struct sk_buff *skb;
-
- skb = txq->entries[idx].skb;
+ skb = txq->entries[idx].skb;
- /* Can be called from irqs-disabled context
- * If skb is not NULL, it means that the whole queue is being
- * freed and that the queue is not empty - free the skb
- */
- if (skb) {
- iwl_op_mode_free_skb(trans->op_mode, skb);
- txq->entries[idx].skb = NULL;
- }
+ /* Can be called from irqs-disabled context
+ * If skb is not NULL, it means that the whole queue is being
+ * freed and that the queue is not empty - free the skb
+ */
+ if (skb) {
+ iwl_op_mode_free_skb(trans->op_mode, skb);
+ txq->entries[idx].skb = NULL;
}
}
@@ -1494,28 +1493,28 @@ void iwl_txq_free_tfd(struct iwl_trans *trans, struct iwl_txq *txq)
*/
int rd_ptr = txq->read_ptr;
int idx = iwl_txq_get_cmd_index(txq, rd_ptr);
+ struct sk_buff *skb;
lockdep_assert_held(&txq->lock);
+ if (!txq->entries)
+ return;
+
/* We have only q->n_window txq->entries, but we use
* TFD_QUEUE_SIZE_MAX tfds
*/
iwl_txq_gen1_tfd_unmap(trans, &txq->entries[idx].meta, txq, rd_ptr);
/* free SKB */
- if (txq->entries) {
- struct sk_buff *skb;
-
- skb = txq->entries[idx].skb;
+ skb = txq->entries[idx].skb;
- /* Can be called from irqs-disabled context
- * If skb is not NULL, it means that the whole queue is being
- * freed and that the queue is not empty - free the skb
- */
- if (skb) {
- iwl_op_mode_free_skb(trans->op_mode, skb);
- txq->entries[idx].skb = NULL;
- }
+ /* Can be called from irqs-disabled context
+ * If skb is not NULL, it means that the whole queue is being
+ * freed and that the queue is not empty - free the skb
+ */
+ if (skb) {
+ iwl_op_mode_free_skb(trans->op_mode, skb);
+ txq->entries[idx].skb = NULL;
}
}
--
2.29.2
next prev parent reply other threads:[~2021-01-15 11:06 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-15 11:05 [PATCH for v5.11 00/12] iwlwifi: fixes intended for v5.10 2020-12-02 Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 01/12] iwlwifi: mvm: skip power command when unbinding vif during CSA Luca Coelho
2021-01-25 13:54 ` Kalle Valo
2021-01-15 11:05 ` [PATCH for v5.11 02/12] iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 03/12] iwlwifi: pcie: avoid potential PNVM leaks Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 04/12] iwlwifi: pnvm: don't skip everything when not reloading Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 05/12] iwlwifi: pnvm: don't try to load after failures Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 06/12] iwlwifi: fix the NMI flow for old devices Luca Coelho
2021-01-15 11:05 ` Luca Coelho [this message]
2021-01-15 11:05 ` [PATCH for v5.11 08/12] iwlwifi: pcie: set LTR on more devices Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 09/12] iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 10/12] iwlwifi: pcie: fix context info memory leak Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 11/12] iwlwifi: pcie: use jiffies for memory read spin time limit Luca Coelho
2021-01-18 15:16 ` Kalle Valo
2021-01-18 15:18 ` Kalle Valo
2021-01-18 15:51 ` Luca Coelho
2021-01-15 11:05 ` [PATCH for v5.11 12/12] iwlwifi: pcie: reschedule in long-running memory reads Luca Coelho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=iwlwifi.20210115130252.173359fc236d.I75c7c2397d20df8d7fbc24cb16a5232d5c551889@changeid \
--to=luca@coelho.fi \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).