Commit 62296b3e authored by Ajay Singh's avatar Ajay Singh Committed by Kalle Valo

wilc1000: add valid vmm_entry check before fetching from TX queue

'vmm_table' array contains the size of data buffer length including host
header length. In 'vmm_table' array, the Zero value means the end of
vmm_entries that needs to transfer to firmware which is calculated based on
VMM free size in firmware.

Use 'vmm_table' valid entry check before fetching the entry from TX queue to
only copy valid number of entries to avoid possible NULL pointer exception
observed sometimes during large file transfers.
Signed-off-by: default avatarAjay Singh <ajay.kathat@microchip.com>
Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220504161924.2146601-5-ajay.kathat@microchip.com
parent 819b161b
...@@ -875,14 +875,15 @@ int wilc_wlan_handle_txq(struct wilc *wilc, u32 *txq_count) ...@@ -875,14 +875,15 @@ int wilc_wlan_handle_txq(struct wilc *wilc, u32 *txq_count)
char *bssid; char *bssid;
u8 mgmt_ptk = 0; u8 mgmt_ptk = 0;
if (vmm_table[i] == 0 || vmm_entries_ac[i] >= NQUEUES)
break;
tqe = wilc_wlan_txq_remove_from_head(wilc, vmm_entries_ac[i]); tqe = wilc_wlan_txq_remove_from_head(wilc, vmm_entries_ac[i]);
ac_pkt_num_to_chip[vmm_entries_ac[i]]++;
if (!tqe) if (!tqe)
break; break;
ac_pkt_num_to_chip[vmm_entries_ac[i]]++;
vif = tqe->vif; vif = tqe->vif;
if (vmm_table[i] == 0)
break;
le32_to_cpus(&vmm_table[i]); le32_to_cpus(&vmm_table[i]);
vmm_sz = FIELD_GET(WILC_VMM_BUFFER_SIZE, vmm_table[i]); vmm_sz = FIELD_GET(WILC_VMM_BUFFER_SIZE, vmm_table[i]);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment