bcmdhd: check NULL pointer in cfg80211 callbacks

some of the callbacks does not have the NULL pointer check for wl. So, add wl NULL check for every function. If net device gets unregistered and there is another call on wl, kernel crash happens. This will avoid all the crashes. Bug 200015171 Change-Id: I15a7de6ba36caf7037c7a37a530f1829e2f94cf0 Signed-off-by: bibhayr <bibhayr@nvidia.com> Reviewed-on: http://git-master/r/432450 (cherry picked from commit dbdc9e41eed97b0e9f29651f0f2c70c056165338) Reviewed-on: http://git-master/r/435722 GVS: Gerrit_Virtual_Submit Reviewed-by: Anshul Jain (SW) <anshulj@nvidia.com> Tested-by: Anshul Jain (SW) <anshulj@nvidia.com>
author: bibhayr <bibhayr@nvidia.com> 2014-06-27 19:25:11 -0700
committer: Mandar Padmawar <mpadmawar@nvidia.com> 2014-07-10 02:05:21 -0700
commit: deb02a1ab10c39d762160f8b5c37d58d50be96e2 (patch)
tree: 7bae114f31c690958a475d4275c0eacd9a7bfa55
parent: 630e52e4a8c9cfece1acf289b5d02f4ede7dc358 (diff)
1 files changed, 45 insertions, 0 deletions
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
index 4de074a70c02..6e705740ce9e 100755
--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
@@ -1370,6 +1370,9 @@ wl_cfg80211_del_virtual_iface(struct wiphy *wiphy, bcm_struct_cfgdev *cfgdev)
 	s32 index = -1;
 	WL_DBG(("Enter\n"));
 
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 #if defined(WL_CFG80211_P2P_DEV_IF)
 	if (cfgdev->iftype == NL80211_IFTYPE_P2P_DEVICE) {
 		return wl_cfgp2p_del_p2p_disc_if(cfgdev);
@@ -1474,6 +1477,9 @@ wl_cfg80211_change_virtual_iface(struct wiphy *wiphy, struct net_device *ndev,
 	struct wl_priv *wl = wiphy_priv(wiphy);
 	dhd_pub_t *dhd = (dhd_pub_t *)(wl->pub);
 	WL_DBG(("Enter type %d\n", type));
+
+	if (!wl)
+		return ERR_PTR(-EINVAL);
 	switch (type) {
 	case NL80211_IFTYPE_MONITOR:
 	case NL80211_IFTYPE_WDS:
@@ -3836,6 +3842,10 @@ wl_cfg80211_del_key(struct wiphy *wiphy, struct net_device *dev,
 	struct wl_priv *wl = wiphy_priv(wiphy);
 	s32 err = 0;
 	s32 bssidx;
+
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	if (wl_cfgp2p_find_idx(wl, dev, &bssidx) != BCME_OK) {
 		WL_ERR(("Find p2p index from dev(%p) failed\n", dev));
 		return BCME_ERROR;
@@ -4406,6 +4416,9 @@ wl_cfg80211_remain_on_channel(struct wiphy *wiphy, bcm_struct_cfgdev *cfgdev,
 	struct net_device *ndev = NULL;
 	struct wl_priv *wl = wiphy_priv(wiphy);
 
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	ndev = cfgdev_to_wlc_ndev(cfgdev, wl);
 
 	WL_DBG(("Enter, channel: %d, duration ms (%d) SCANNING ?? %s \n",
@@ -5007,6 +5020,8 @@ wl_cfg80211_mgmt_tx(struct wiphy *wiphy, bcm_struct_cfgdev *cfgdev,
 
 	WL_DBG(("Enter \n"));
 
+	if (!wl)
+		return ERR_PTR(-EINVAL);
 	dev = cfgdev_to_wlc_ndev(cfgdev, wl);
 
 	/* find bssidx based on dev */
@@ -5197,6 +5212,8 @@ wl_cfg80211_set_channel(struct wiphy *wiphy, struct net_device *dev,
 	} param = {0, 0};
 	struct wl_priv *wl = wiphy_priv(wiphy);
 
+	if (!wl)
+		return ERR_PTR(-EINVAL);
 	dev = ndev_to_wlc_ndev(dev, wl);
 	_chan = ieee80211_frequency_to_channel(chan->center_freq);
 	WL_ERR(("netdev_ifidx(%d), chan_type(%d) target channel(%d) \n",
@@ -6013,6 +6030,9 @@ wl_cfg80211_del_station(
 		return 0;
 	}
 
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	dev = ndev_to_wlc_ndev(ndev, wl);
 
 	if (p2p_is_on(wl)) {
@@ -6064,6 +6084,10 @@ wl_cfg80211_start_ap(
 	u32 dev_role = 0;
 
 	WL_DBG(("Enter \n"));
+
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	if (dev == wl_to_prmry_ndev(wl)) {
 		WL_DBG(("Start AP req on primary iface: Softap\n"));
 		dev_role = NL80211_IFTYPE_AP;
@@ -6152,6 +6176,10 @@ wl_cfg80211_stop_ap(
 	struct wl_priv *wl = wiphy_priv(wiphy);
 
 	WL_DBG(("Enter \n"));
+
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	if (dev == wl_to_prmry_ndev(wl)) {
 		dev_role = NL80211_IFTYPE_AP;
 	}
@@ -6230,6 +6258,8 @@ wl_cfg80211_change_beacon(
 
 	WL_DBG(("Enter \n"));
 
+	if (!wl)
+		return ERR_PTR(-EINVAL);
 	if (dev == wl_to_prmry_ndev(wl)) {
 		dev_role = NL80211_IFTYPE_AP;
 	}
@@ -6292,6 +6322,9 @@ wl_cfg80211_add_set_beacon(struct wiphy *wiphy, struct net_device *dev,
 	WL_DBG(("interval (%d) dtim_period (%d) head_len (%d) tail_len (%d)\n",
 		info->interval, info->dtim_period, info->head_len, info->tail_len));
 
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	if (dev == wl_to_prmry_ndev(wl)) {
 		dev_role = NL80211_IFTYPE_AP;
 	}
@@ -6424,6 +6457,10 @@ int wl_cfg80211_sched_scan_start(struct wiphy *wiphy,
 	int ret = 0;
 
 	WL_DBG(("Enter \n"));
+
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	WL_PNO((">>> SCHED SCAN START\n"));
 	WL_PNO(("Enter n_match_sets:%d   n_ssids:%d \n",
 		request->n_match_sets, request->n_ssids));
@@ -6478,6 +6515,10 @@ int wl_cfg80211_sched_scan_stop(struct wiphy *wiphy, struct net_device *dev)
 	struct wl_priv *wl = wiphy_priv(wiphy);
 
 	WL_DBG(("Enter \n"));
+
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	WL_PNO((">>> SCHED SCAN STOP\n"));
 
 	if (dhd_dev_pno_stop_for_ssid(dev) < 0)
@@ -10690,6 +10731,10 @@ wl_cfg80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev,
 	s32 ret = 0;
 #ifdef WLTDLS
 	struct wl_priv *wl = wlcfg_drv_priv;
+
+	if (!wl)
+		return ERR_PTR(-EINVAL);
+
 	tdls_iovar_t info;
 	dhd_pub_t *dhd = (dhd_pub_t *)(wl->pub);
 	memset(&info, 0, sizeof(tdls_iovar_t));
author	bibhayr <bibhayr@nvidia.com>	2014-06-27 19:25:11 -0700
committer	Mandar Padmawar <mpadmawar@nvidia.com>	2014-07-10 02:05:21 -0700
commit	deb02a1ab10c39d762160f8b5c37d58d50be96e2 (patch)
tree	7bae114f31c690958a475d4275c0eacd9a7bfa55
parent	630e52e4a8c9cfece1acf289b5d02f4ede7dc358 (diff)