Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-09 15:29:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

staging: r8188eu: remove rtw_hal_c2h_id_filter_ccx function

Browse Source 
Remove rtw_hal_c2h_id_filter_ccx from hal/hal_intf.c and its one caller
from core/rtw_cmd.c. This function is a wrapper function which returns
the c2h_id_filter_ccx function pointer of struct hal_ops unconditionally.
As this function pointer is never set, and the function call's return
value is subsequently called inside an if condition, this could lead to
an attempt to deference a NULL pointer, which would crash the driver.

Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
Link: https://lore.kernel.org/r/20210906010106.898-14-phil@philpotter.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Phillip Potter 2021-09-06 02:01:05 +01:00 committed by Greg Kroah-Hartman
parent 6778b4bc34
commit 22bf044b03
3 changed files with 2 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
drivers/staging/r8188eu/core/rtw_cmd.c
View File

@ -1865,7 +1865,6 @@ static void c2h_wk_callback(struct work_struct *work)
struct evt_priv *evtpriv = container_of(work, struct evt_priv, c2h_wk);
struct adapter *adapter = container_of(evtpriv, struct adapter, evtpriv);
struct c2h_evt_hdr *c2h_evt;
c2h_id_filter ccx_id_filter = rtw_hal_c2h_id_filter_ccx(adapter);
evtpriv->c2h_wk_alive = true;
@ -1895,14 +1894,10 @@ static void c2h_wk_callback(struct work_struct *work)
continue;
}
if (ccx_id_filter(c2h_evt->id)) {
kfree(c2h_evt);
} else {
#ifdef CONFIG_88EU_P2P
/* Enqueue into cmd_thread for others */
rtw_c2h_wk_cmd(adapter, (u8 *)c2h_evt);
/* Enqueue into cmd_thread for others */
rtw_c2h_wk_cmd(adapter, (u8 *)c2h_evt);
#endif
}
}
evtpriv->c2h_wk_alive = false;

5
drivers/staging/r8188eu/hal/hal_intf.c
View File

@ -353,8 +353,3 @@ void rtw_hal_notch_filter(struct adapter *adapter, bool enable)
if (adapter->HalFunc.hal_notch_filter)
adapter->HalFunc.hal_notch_filter(adapter, enable);
}
c2h_id_filter rtw_hal_c2h_id_filter_ccx(struct adapter *adapter)
{
return adapter->HalFunc.c2h_id_filter_ccx;
}

1
drivers/staging/r8188eu/include/hal_intf.h
View File

@ -331,7 +331,6 @@ int rtw_hal_iol_cmd(struct adapter *adapter, struct xmit_frame *xmit_frame,
void rtw_hal_notch_filter(struct adapter *adapter, bool enable);
c2h_id_filter rtw_hal_c2h_id_filter_ccx(struct adapter *adapter);
void indicate_wx_scan_complete_event(struct adapter *padapter);
u8 rtw_do_join(struct adapter *padapter);