mwifiex: fix NULL pointer dereference during suspend

This patch fixes below NULL pointer dereference observed in suspend stress test. When scan is cancelled during system suspend, we may end up aceesing "priv->scan_request" in corner case. [ 3035.304682] BUG: KASAN: null-ptr-deref on address 0000000000000008 [ 3035.304704] Read of size 4 by task ksdioirqd/mmc2/1183 [ 3035.304744] CPU: 0 PID: 1183 Comm: ksdioirqd/mmc2 Tainted: G W 3.18.0 #1169 [ 3035.304772] Call trace: [ 3035.304825] [<ffffffc00020a520>] dump_backtrace+0x0/0x190 [ 3035.304864] [<ffffffc00020a6cc>] show_stack+0x1c/0x28 [ 3035.304901] [<ffffffc000b36db8>] dump_stack+0xa0/0xf8 [ 3035.304940] [<ffffffc00039c494>] kasan_report+0x120/0x4fc [ 3035.304975] [<ffffffc00039b6b4>] __asan_load4+0x20/0x80 [ 3035.305546] [<ffffffbffc1f5aec>] mwifiex_check_next_scan_command+0x1a4/0x588 [mwifiex] [ 3035.306091] [<ffffffbffc1f7aec>] mwifiex_handle_event_ext_scan_report+0x304/0x370 [mwifiex] [ 3035.306735] [<ffffffbffc206bb8>] mwifiex_process_sta_event+0x6c0/0xf10 [mwifiex] [ 3035.307200] [<ffffffbffc1e609c>] mwifiex_process_event+0x2f4/0x358 [mwifiex] [ 3035.307612] [<ffffffbffc1e25c8>] mwifiex_main_process+0x3cc/0x80c [mwifiex] [ 3035.307737] [<ffffffbffc2523a0>] mwifiex_sdio_interrupt+0x198/0x1c0 [mwifiex_sdio] [ 3035.307785] [<ffffffc0008d9250>] process_sdio_pending_irqs+0x15c/0x1d4 [ 3035.307826] [<ffffffc0008d93f0>] sdio_irq_thread+0xd8/0x288 Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
author: Amitkumar Karwar 2016-06-27 10:46:29 +0200
committer: Kalle Valo 2016-07-08 11:59:28 +0200
commit: 16d25da94f3d6542a0bbd25a85d247c970026f8a (patch)
tree: fba5b2b6902a5948b204298e532987bbe1f27ea4 /drivers/net/wireless/marvell/mwifiex/scan.c
parent: mwifiex: clear scan_aborting flag (diff)
download: kernel-qcow2-linux-16d25da94f3d6542a0bbd25a85d247c970026f8a.tar.gz
kernel-qcow2-linux-16d25da94f3d6542a0bbd25a85d247c970026f8a.tar.xz
kernel-qcow2-linux-16d25da94f3d6542a0bbd25a85d247c970026f8a.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index 96d0d8652678..87e700009fd0 100644
--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -1896,7 +1896,8 @@ mwifiex_active_scan_req_for_passive_chan(struct mwifiex_private *priv)
 	u8 id = 0;
 	struct mwifiex_user_scan_cfg  *user_scan_cfg;
 
-	if (adapter->active_scan_triggered || !priv->scan_request) {
+	if (adapter->active_scan_triggered || !priv->scan_request ||
+	    priv->scan_aborting) {
 		adapter->active_scan_triggered = false;
 		return 0;
 	}
author	Amitkumar Karwar	2016-06-27 10:46:29 +0200
committer	Kalle Valo	2016-07-08 11:59:28 +0200
commit	16d25da94f3d6542a0bbd25a85d247c970026f8a (patch)
tree	fba5b2b6902a5948b204298e532987bbe1f27ea4 /drivers/net/wireless/marvell/mwifiex/scan.c
parent	mwifiex: clear scan_aborting flag (diff)
download	kernel-qcow2-linux-16d25da94f3d6542a0bbd25a85d247c970026f8a.tar.gz kernel-qcow2-linux-16d25da94f3d6542a0bbd25a85d247c970026f8a.tar.xz kernel-qcow2-linux-16d25da94f3d6542a0bbd25a85d247c970026f8a.zip