wlan: Validate ops functions for NULL pointer de-reference
Access to driver data structures during driver load unload,
results in kernel panic.
To mitigate the issue, validate the context before accessing
driver data structures.
Change-Id: I5a513c491c73c8ab0514597839d19fcc5d80eaf8
CRs-Fixed: 787915
diff --git a/CORE/HDD/src/wlan_hdd_dev_pwr.c b/CORE/HDD/src/wlan_hdd_dev_pwr.c
index 469a663..616c526 100644
--- a/CORE/HDD/src/wlan_hdd_dev_pwr.c
+++ b/CORE/HDD/src/wlan_hdd_dev_pwr.c
@@ -332,11 +332,13 @@
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO, "%s: WLAN suspended by platform driver",__func__);
/* Get the HDD context */
- if(!pHddCtx) {
- VOS_TRACE(VOS_MODULE_ID_HDD,VOS_TRACE_LEVEL_FATAL,"%s: HDD context is Null",__func__);
- return 0;
+ ret = wlan_hdd_validate_context(pHddCtx);
+ if (0 != ret)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: HDD context is not valid",__func__);
+ return ret;
}
-
if(pHddCtx->isWlanSuspended == TRUE)
{
VOS_TRACE(VOS_MODULE_ID_HDD,VOS_TRACE_LEVEL_FATAL,"%s: WLAN is already in suspended state",__func__);
@@ -385,11 +387,18 @@
int __hddDevResumeHdlr(struct device *dev)
{
hdd_context_t* pHddCtx = NULL;
-
- pHddCtx = (hdd_context_t*)wcnss_wlan_get_drvdata(dev);
+ int ret = 0;
VOS_TRACE(VOS_MODULE_ID_HDD,VOS_TRACE_LEVEL_INFO, "%s: WLAN being resumed by Android OS",__func__);
+ pHddCtx = (hdd_context_t*)wcnss_wlan_get_drvdata(dev);
+ ret = wlan_hdd_validate_context(pHddCtx);
+ if (0 != ret)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: HDD context is not valid ",__func__);
+ return ret;
+ }
if(pHddCtx->isWlanSuspended != TRUE)
{
VOS_TRACE(VOS_MODULE_ID_HDD,VOS_TRACE_LEVEL_FATAL,"%s: WLAN is already in resumed state",__func__);