diff options
author | Alex Elder <elder@linaro.org> | 2022-11-16 23:37:18 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2022-11-18 12:46:18 +0100 |
commit | 15b4f993d12b5bb81f50a1ce0693343fb7a94fcf (patch) | |
tree | 3875c6c2eb3a91bab272eb82d95d7fc3efc7238b /drivers/net/ipa/ipa_table.c | |
parent | Merge tag 'wireless-next-2022-11-18' of git://git.kernel.org/pub/scm/linux/ke... (diff) | |
download | linux-15b4f993d12b5bb81f50a1ce0693343fb7a94fcf.tar.xz linux-15b4f993d12b5bb81f50a1ce0693343fb7a94fcf.zip |
net: ipa: avoid a null pointer dereference
Dan Carpenter reported that Smatch found an instance where a pointer
which had previously been assumed could be null (as indicated by a
null check) was later dereferenced without a similar check.
In practice this doesn't lead to a problem because currently the
pointers used are all non-null. Nevertheless this patch addresses
the reported problem.
In addition, I spotted another bug that arose in the same commit.
When the command to initialize a routing table memory region was
added, the number of entries computed for the non-hashed table
was wrong (it ended up being a Boolean rather than the count
intended). This bug is fixed here as well.
Reported-by: Dan Carpenter <error27@gmail.com>
Link: https://lore.kernel.org/kernel-janitors/Y3OOP9dXK6oEydkf@kili
Tested-by: Caleb Connolly <caleb.connolly@linaro.com>
Fixes: 5cb76899fb47 ("net: ipa: reduce arguments to ipa_table_init_add()")
Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to '')
-rw-r--r-- | drivers/net/ipa/ipa_table.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/drivers/net/ipa/ipa_table.c b/drivers/net/ipa/ipa_table.c index cc9349a1d4df..b81e27b61354 100644 --- a/drivers/net/ipa/ipa_table.c +++ b/drivers/net/ipa/ipa_table.c @@ -382,6 +382,7 @@ static void ipa_table_init_add(struct gsi_trans *trans, bool filter, bool ipv6) const struct ipa_mem *mem; dma_addr_t hash_addr; dma_addr_t addr; + u32 hash_offset; u32 zero_offset; u16 hash_count; u32 zero_size; @@ -394,8 +395,10 @@ static void ipa_table_init_add(struct gsi_trans *trans, bool filter, bool ipv6) : ipv6 ? IPA_CMD_IP_V6_ROUTING_INIT : IPA_CMD_IP_V4_ROUTING_INIT; + /* The non-hashed region will exist (see ipa_table_mem_valid()) */ mem = ipa_table_mem(ipa, filter, false, ipv6); hash_mem = ipa_table_mem(ipa, filter, true, ipv6); + hash_offset = hash_mem ? hash_mem->offset : 0; /* Compute the number of table entries to initialize */ if (filter) { @@ -411,7 +414,7 @@ static void ipa_table_init_add(struct gsi_trans *trans, bool filter, bool ipv6) * of entries it has. */ count = mem->size / sizeof(__le64); - hash_count = hash_mem && hash_mem->size / sizeof(__le64); + hash_count = hash_mem ? hash_mem->size / sizeof(__le64) : 0; } size = count * sizeof(__le64); hash_size = hash_count * sizeof(__le64); @@ -420,7 +423,7 @@ static void ipa_table_init_add(struct gsi_trans *trans, bool filter, bool ipv6) hash_addr = ipa_table_addr(ipa, filter, hash_count); ipa_cmd_table_init_add(trans, opcode, size, mem->offset, addr, - hash_size, hash_mem->offset, hash_addr); + hash_size, hash_offset, hash_addr); if (!filter) return; @@ -433,7 +436,7 @@ static void ipa_table_init_add(struct gsi_trans *trans, bool filter, bool ipv6) return; /* Zero the unused space in the hashed filter table */ - zero_offset = hash_mem->offset + hash_size; + zero_offset = hash_offset + hash_size; zero_size = hash_mem->size - hash_size; ipa_cmd_dma_shared_mem_add(trans, zero_offset, zero_size, ipa->zero_addr, true); |