| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 |
- From 3b12f42772c26869d60398c1710aa27b27cd945c Mon Sep 17 00:00:00 2001
- From: Daniel Golle <[email protected]>
- Date: Mon, 21 Aug 2023 17:12:44 +0100
- Subject: [PATCH 109/250] net: ethernet: mtk_eth_soc: fix NULL pointer on hw
- reset
- When a hardware reset is triggered on devices not initializing WED the
- calls to mtk_wed_fe_reset and mtk_wed_fe_reset_complete dereference a
- pointer on uninitialized stack memory.
- Break out of both functions in case a hw_list entry is 0.
- Fixes: 08a764a7c51b ("net: ethernet: mtk_wed: add reset/reset_complete callbacks")
- Signed-off-by: Daniel Golle <[email protected]>
- Reviewed-by: Simon Horman <[email protected]>
- Acked-by: Lorenzo Bianconi <[email protected]>
- Link: https://lore.kernel.org/r/5465c1609b464cc7407ae1530c40821dcdf9d3e6.1692634266.git.daniel@makrotopia.org
- Signed-off-by: Jakub Kicinski <[email protected]>
- ---
- drivers/net/ethernet/mediatek/mtk_wed.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
- --- a/drivers/net/ethernet/mediatek/mtk_wed.c
- +++ b/drivers/net/ethernet/mediatek/mtk_wed.c
- @@ -214,9 +214,13 @@ void mtk_wed_fe_reset(void)
-
- for (i = 0; i < ARRAY_SIZE(hw_list); i++) {
- struct mtk_wed_hw *hw = hw_list[i];
- - struct mtk_wed_device *dev = hw->wed_dev;
- + struct mtk_wed_device *dev;
- int err;
-
- + if (!hw)
- + break;
- +
- + dev = hw->wed_dev;
- if (!dev || !dev->wlan.reset)
- continue;
-
- @@ -237,8 +241,12 @@ void mtk_wed_fe_reset_complete(void)
-
- for (i = 0; i < ARRAY_SIZE(hw_list); i++) {
- struct mtk_wed_hw *hw = hw_list[i];
- - struct mtk_wed_device *dev = hw->wed_dev;
- + struct mtk_wed_device *dev;
- +
- + if (!hw)
- + break;
-
- + dev = hw->wed_dev;
- if (!dev || !dev->wlan.reset_complete)
- continue;
-
|
