iwlwifi: queue: don't crash if txq->entries is NULL (0f8d5656) · Commits · EulixOS / Software / Kernel

drivers/net/wireless/intel/iwlwifi/queue/tx.c

+24 −25

Original line number	Diff line number	Diff line
		@@ -142,16 +142,16 @@ void iwl_txq_gen2_free_tfd(struct iwl_trans trans, struct iwl_txq txq)
		* idx is bounded by n_window
		*/
		int idx = iwl_txq_get_cmd_index(txq, txq->read_ptr);
		struct sk_buff *skb;

		lockdep_assert_held(&txq->lock);

		if (!txq->entries)
		return;

		iwl_txq_gen2_tfd_unmap(trans, &txq->entries[idx].meta,
		iwl_txq_get_tfd(trans, txq, idx));

		/* free SKB */
		if (txq->entries) {
		struct sk_buff *skb;

		skb = txq->entries[idx].skb;

		/* Can be called from irqs-disabled context
		@@ -163,7 +163,6 @@ void iwl_txq_gen2_free_tfd(struct iwl_trans trans, struct iwl_txq txq)
		txq->entries[idx].skb = NULL;
		}
		}
		}

		int iwl_txq_gen2_set_tb(struct iwl_trans trans, struct iwl_tfh_tfd tfd,
		dma_addr_t addr, u16 len)
		@@ -1494,18 +1493,19 @@ void iwl_txq_free_tfd(struct iwl_trans trans, struct iwl_txq txq)
		*/
		int rd_ptr = txq->read_ptr;
		int idx = iwl_txq_get_cmd_index(txq, rd_ptr);
		struct sk_buff *skb;

		lockdep_assert_held(&txq->lock);

		if (!txq->entries)
		return;

		/* We have only q->n_window txq->entries, but we use
		* TFD_QUEUE_SIZE_MAX tfds
		*/
		iwl_txq_gen1_tfd_unmap(trans, &txq->entries[idx].meta, txq, rd_ptr);

		/* free SKB */
		if (txq->entries) {
		struct sk_buff *skb;

		skb = txq->entries[idx].skb;

		/* Can be called from irqs-disabled context
		@@ -1517,7 +1517,6 @@ void iwl_txq_free_tfd(struct iwl_trans trans, struct iwl_txq txq)
		txq->entries[idx].skb = NULL;
		}
		}
		}

		void iwl_txq_progress(struct iwl_txq *txq)
		{