diff mbox series

[SRU,Jammy:linux-intel-iotg,1/1,BUGFIX] wifi: iwlwifi: avoid a NULL pointer dereference

Message ID 20230607121556.105917-2-jianhui.lee@canonical.com
State New
Headers show
Series wifi: iwlwifi: system hang after running stress-ng softlockup stressor while iwlwifi is connected to the station | expand

Commit Message

Jian Hui Lee June 7, 2023, 12:15 p.m. UTC 
From: Avraham Stern <avraham.stern@intel.com>

BugLink: https://bugs.launchpad.net/bugs/2023176

It possible that while the rx rb is being handled, the transport has
been stopped and re-started. In this case the tx queue pointer is not
yet initialized, which will lead to a NULL pointer dereference.
Fix it.

type=bugfix
ticket=jira:WIFI-301032
fixes=unknown

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Change-Id: I0b84daae753ba9612092bf383f5c6f761446e964
Reviewed-on: https://gerritwcs.ir.intel.com/c/iwlwifi-stack-dev/+/53643
automatic-review: iil_jenkins <EC.GER.UNIX.IIL.JENKINS@INTEL.COM>
tested: iil_jenkins <EC.GER.UNIX.IIL.JENKINS@INTEL.COM>
Tested-by: iil_jenkins <EC.GER.UNIX.IIL.JENKINS@INTEL.COM>
Reviewed-by: Greenman, Gregory <gregory.greenman@intel.com>
x-iwlwifi-stack-dev: f00afe4575bc2b7918fc22df38fdf76493c7312c
(backported from commit a445467936a699cd1a8064633ad67e5f3583fbf1 https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git/)
[jianhui: no version file in kernel tree like intel]
Signed-off-by: Jian Hui Lee <jianhui.lee@canonical.com>
---
 drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
index fea89330f692..6a1d83c17b85 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
@@ -1356,7 +1356,7 @@  static void iwl_pcie_rx_handle_rb(struct iwl_trans *trans,
 		 * if it is true then one of the handlers took the page.
 		 */
 
-		if (reclaim) {
+		if (reclaim && txq) {
 			u16 sequence = le16_to_cpu(pkt->hdr.sequence);
 			int index = SEQ_TO_INDEX(sequence);
 			int cmd_index = iwl_txq_get_cmd_index(txq, index);