mirrors/armbian_build
1
0
Fork 0
mirror of https://github.com/armbian/build.git synced 2025-08-11 13:46:58 +02:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
97983de408
armbian_build/patch/kernel/archive/sunxi-5.18/patches.megous/rtw89-fix-null-vif-pointer-when-hw_scan-fails.patch
The-going 25e60a726b
Sunxi 5.18 (#3879) 
* sunxi-5.18: rebase megous patces to v5.18.3

* sunxi-5.18: Add upstream patches - tag: orange-pi-5.18-20220609-1318

* Check applicability to version 5.18.3

* sunxi-5.18: switch to version 5.18.3
2022-06-10 21:50:37 +02:00

61 lines
2.4 KiB
Diff
Raw Blame History

From 8487193008b94e728a5f79a0977cf26fb20ded41 Mon Sep 17 00:00:00 2001
From: Po Hao Huang <phhuang@realtek.com>
Date: Fri, 20 May 2022 15:17:27 +0800
Subject: [PATCH 523/533] rtw89: fix null vif pointer when hw_scan fails
Add this check to avoid crash by dereferencing a null pointer. When hwscan
fails due to no memory or dma failure, the scan flag in ieee80211_local is
cleared. So mac80211 determine that it's not hw_scan then calls
sw_scan_complete() with null vif, which is also freed during the fail.
Signed-off-by: Po Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220520071731.38563-3-pkshih@realtek.com
---
drivers/net/wireless/realtek/rtw89/core.c | 5 ++++-
drivers/net/wireless/realtek/rtw89/fw.c | 4 ++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c
index 7c12ac10945b..631dcdff4d0d 100644
--- a/drivers/net/wireless/realtek/rtw89/core.c
+++ b/drivers/net/wireless/realtek/rtw89/core.c
@@ -2875,7 +2875,10 @@ void rtw89_core_scan_start(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif,
void rtw89_core_scan_complete(struct rtw89_dev *rtwdev,
struct ieee80211_vif *vif, bool hw_scan)
{
- struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
+ struct rtw89_vif *rtwvif = vif ? (struct rtw89_vif *)vif->drv_priv : NULL;
+
+ if (!rtwvif)
+ return;
ether_addr_copy(rtwvif->mac_addr, vif->addr);
rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL);
diff --git a/drivers/net/wireless/realtek/rtw89/fw.c b/drivers/net/wireless/realtek/rtw89/fw.c
index 04f6da04781b..ab991e644a85 100644
--- a/drivers/net/wireless/realtek/rtw89/fw.c
+++ b/drivers/net/wireless/realtek/rtw89/fw.c
@@ -2261,7 +2261,7 @@ static int rtw89_hw_scan_add_chan_list(struct rtw89_dev *rtwdev,
list_add_tail(&ch_info->list, &chan_list);
off_chan_time += ch_info->period;
}
- rtw89_fw_h2c_scan_list_offload(rtwdev, list_len, &chan_list);
+ ret = rtw89_fw_h2c_scan_list_offload(rtwdev, list_len, &chan_list);
out:
list_for_each_entry_safe(ch_info, tmp, &chan_list, list) {
@@ -2372,7 +2372,7 @@ int rtw89_hw_scan_offload(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
if (ret)
goto out;
}
- rtw89_fw_h2c_scan_offload(rtwdev, &opt, rtwvif);
+ ret = rtw89_fw_h2c_scan_offload(rtwdev, &opt, rtwvif);
out:
return ret;
}
--
2.35.3
Reference in New Issue View Git Blame Copy Permalink