qcacld-3.0: Fix possible NULL pointer dereference (2fe4e290) · Commits · e / devices / android_kernel_fairphone_FP4

components/ipa/core/src/wlan_ipa_stats.c

+3 −4

Original line number	Diff line number	Diff line
		@@ -965,7 +965,6 @@ QDF_STATUS wlan_ipa_uc_op_metering(struct wlan_ipa_priv *ipa_ctx,
		struct ipa_uc_quota_rsp *uc_quota_rsp;
		struct ipa_uc_quota_ind *uc_quota_ind;
		struct wlan_ipa_iface_context *iface_ctx;
		uint32_t ifindex;
		uint64_t quota_bytes;

		if (msg->op_code == WLAN_IPA_UC_OPCODE_SHARING_STATS) {
		@@ -996,10 +995,10 @@ QDF_STATUS wlan_ipa_uc_op_metering(struct wlan_ipa_priv *ipa_ctx,

		/* send quota exceeded indication to IPA */
		iface_ctx = wlan_ipa_get_iface(ipa_ctx, QDF_STA_MODE);
		ifindex = iface_ctx->dev->ifindex;
		quota_bytes = uc_quota_ind->quota_bytes;
		if (iface_ctx)
		qdf_ipa_broadcast_wdi_quota_reach_ind(ifindex,
		qdf_ipa_broadcast_wdi_quota_reach_ind(
		iface_ctx->dev->ifindex,
		quota_bytes);
		else
		ipa_err("Failed quota_reach_ind: NULL interface");

+8 −3

Original line number	Diff line number	Diff line
		@@ -644,14 +644,19 @@ QDF_STATUS ol_txrx_ipa_cleanup(struct cdp_soc_t *soc_hdl, uint8_t pdev_id,
		struct ol_txrx_ipa_resources *ipa_res;
		struct ol_txrx_soc_t *soc = cds_get_context(QDF_MODULE_ID_SOC);
		qdf_device_t osdev = cds_get_context(QDF_MODULE_ID_QDF_DEVICE);
		ol_txrx_pdev_handle pdev =
		ol_txrx_get_pdev_from_pdev_id(soc, OL_TXRX_PDEV_ID);
		ol_txrx_pdev_handle pdev;

		if (!pdev \|\| !osdev) {
		if (!soc \|\| !osdev) {
		ol_txrx_err("%s invalid instance", __func__);
		return QDF_STATUS_E_FAILURE;
		}

		pdev = ol_txrx_get_pdev_from_pdev_id(soc, OL_TXRX_PDEV_ID);
		if (!pdev) {
		ol_txrx_err("%s NULL pdev invalid instance", __func__);
		return QDF_STATUS_E_FAILURE;
		}

		ipa_res = &pdev->ipa_resource;
		if (osdev->smmu_s1_enabled) {
		ret = pld_smmu_unmap(osdev->dev,