diff options
| author | Roopni Devanathan <quic_rdevanat@quicinc.com> | 2025-02-21 09:42:50 +0530 |
|---|---|---|
| committer | Jeff Johnson <jeff.johnson@oss.qualcomm.com> | 2025-02-24 08:01:14 -0800 |
| commit | e180a01bf2c4a67db13d70d2d91410a8c6f74be3 (patch) | |
| tree | 10032e2ed68b11a1768412ca6bcb8d38ab8b5d3b | |
| parent | 11d963d44c77261d6a948f3745bbd678eef4b83b (diff) | |
wifi: ath12k: Add NULL check to validate tpc_stats
While processing TPC stats received from firmware, there are chances that
the tpc_stats might not be filled and the data is not available. This can
happen under two scenarios. First, when firmware sends a non-zero event
count before event count 0. When this happens, tpc_stats will be checked
for data before memory allocation and the tpc_stats will be unavailable.
Second, when memory allocation failed when event count received is 0 and
the firmware still sends a non-zero event. When this happens, memory will
not be allocated for tpc_stats though event count is 0, so when non-zero
event count is received, tpc_stats will be empty. There are checks to
validate if tpc_stats variable is filled that are used in two subsequent
places, but these are placed after tpc_stats is dereference without
checking if it is NULL or has valid data.
Fix this by removing the mentioned checks and adding a NULL check after
assigning tpc_stats to check if it is valid.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
Closes: https://scan7.scan.coverity.com/#/project-view/52668/11354?selectedIssue=1637145
Fixes: f0c3bb78e42f ("wifi: ath12k: Add Support to Parse TPC Event from Firmware")
Signed-off-by: Roopni Devanathan <quic_rdevanat@quicinc.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
Link: https://patch.msgid.link/20250221041250.769491-1-quic_rdevanat@quicinc.com
Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
| -rw-r--r-- | drivers/net/wireless/ath/ath12k/wmi.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c index 1d6b7af546bf7..96c473c4adc65 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -8442,6 +8442,10 @@ static void ath12k_wmi_process_tpc_stats(struct ath12k_base *ab, } tpc_stats = ar->debug.tpc_stats; + if (!tpc_stats) { + ath12k_warn(ab, "tpc stats memory unavailable\n"); + goto unlock; + } if (!(event_count == 0)) { if (event_count != tpc_stats->event_count + 1) { @@ -8460,13 +8464,12 @@ static void ath12k_wmi_process_tpc_stats(struct ath12k_base *ab, ath12k_wmi_tpc_stats_event_parser, tpc_stats); if (ret) { - if (tpc_stats) - ath12k_wmi_free_tpc_stats_mem(ar); + ath12k_wmi_free_tpc_stats_mem(ar); ath12k_warn(ab, "failed to parse tpc_stats tlv: %d\n", ret); goto unlock; } - if (tpc_stats && tpc_stats->end_of_event) + if (tpc_stats->end_of_event) complete(&ar->debug.tpc_complete); unlock: |