| From a68d3e1dbd65ff3c3adfe0698b7489e875257c76 Mon Sep 17 00:00:00 2001 |
| From: Johannes Berg <johannes.berg@intel.com> |
| Date: Tue, 5 Mar 2019 10:31:11 +0100 |
| Subject: iwlwifi: pcie: don't crash on invalid RX interrupt |
| |
| [ Upstream commit 30f24eabab8cd801064c5c37589d803cb4341929 ] |
| |
| If for some reason the device gives us an RX interrupt before we're |
| ready for it, perhaps during device power-on with misconfigured IRQ |
| causes mapping or so, we can crash trying to access the queues. |
| |
| Prevent that by checking that we actually have RXQs and that they |
| were properly allocated. |
| |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| Signed-off-by: Luca Coelho <luciano.coelho@intel.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 7 ++++++- |
| 1 file changed, 6 insertions(+), 1 deletion(-) |
| |
| diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c |
| index a40ad4675e19e..953e0254a94c1 100644 |
| --- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c |
| +++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c |
| @@ -1252,10 +1252,15 @@ static void iwl_pcie_rx_handle_rb(struct iwl_trans *trans, |
| static void iwl_pcie_rx_handle(struct iwl_trans *trans, int queue) |
| { |
| struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); |
| - struct iwl_rxq *rxq = &trans_pcie->rxq[queue]; |
| + struct iwl_rxq *rxq; |
| u32 r, i, count = 0; |
| bool emergency = false; |
| |
| + if (WARN_ON_ONCE(!trans_pcie->rxq || !trans_pcie->rxq[queue].bd)) |
| + return; |
| + |
| + rxq = &trans_pcie->rxq[queue]; |
| + |
| restart: |
| spin_lock(&rxq->lock); |
| /* uCode's read index (stored in shared DRAM) indicates the last Rx |
| -- |
| 2.20.1 |
| |
