wifi: ath12k: Add NULL check to validate tpc_stats

Commit Message

Roopni Devanathan Feb. 21, 2025, 4:12 a.m. UTC

While processing TPC stats received from firmware, there are chances that
the tpc_stats might not be filled and the data is not available. This can
happen under two scenarios. First, when firmware sends a non-zero event
count before event count 0. When this happens, tpc_stats will be checked
for data before memory allocation and the tpc_stats will be unavailable.
Second, when memory allocation failed when event count received is 0 and
the firmware still sends a non-zero event. When this happens, memory will
not be allocated for tpc_stats though event count is 0, so when non-zero
event count is received, tpc_stats will be empty. There are checks to
validate if tpc_stats variable is filled that are used in two subsequent
places, but these are placed after tpc_stats is dereference without
checking if it is NULL or has valid data.

Fix this by removing the mentioned checks and adding a NULL check after
assigning tpc_stats to check if it is valid.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1

Closes: https://scan7.scan.coverity.com/#/project-view/52668/11354?selectedIssue=1637145
Fixes: f0c3bb78e42f ("wifi: ath12k: Add Support to Parse TPC Event from Firmware")
Signed-off-by: Roopni Devanathan <quic_rdevanat@quicinc.com>
---
 drivers/net/wireless/ath/ath12k/wmi.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)


base-commit: 2dba67975394b47249189fcf975352105306962b

Comments

Vasanthakumar Thiagarajan Feb. 21, 2025, 4:20 a.m. UTC | #1

On 2/21/2025 9:42 AM, Roopni Devanathan wrote:
> While processing TPC stats received from firmware, there are chances that
> the tpc_stats might not be filled and the data is not available. This can
> happen under two scenarios. First, when firmware sends a non-zero event
> count before event count 0. When this happens, tpc_stats will be checked
> for data before memory allocation and the tpc_stats will be unavailable.
> Second, when memory allocation failed when event count received is 0 and
> the firmware still sends a non-zero event. When this happens, memory will
> not be allocated for tpc_stats though event count is 0, so when non-zero
> event count is received, tpc_stats will be empty. There are checks to
> validate if tpc_stats variable is filled that are used in two subsequent
> places, but these are placed after tpc_stats is dereference without
> checking if it is NULL or has valid data.
> 
> Fix this by removing the mentioned checks and adding a NULL check after
> assigning tpc_stats to check if it is valid.
> 
> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
> 
> Closes: https://scan7.scan.coverity.com/#/project-view/52668/11354?selectedIssue=1637145
> Fixes: f0c3bb78e42f ("wifi: ath12k: Add Support to Parse TPC Event from Firmware")
> Signed-off-by: Roopni Devanathan <quic_rdevanat@quicinc.com>

Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>

Patch

diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
index f934d49acee6..1866293f7159 100644
--- a/drivers/net/wireless/ath/ath12k/wmi.c
+++ b/drivers/net/wireless/ath/ath12k/wmi.c
@@ -8471,6 +8471,10 @@  static void ath12k_wmi_process_tpc_stats(struct ath12k_base *ab,
 	}
 
 	tpc_stats = ar->debug.tpc_stats;
+	if (!tpc_stats) {
+		ath12k_warn(ab, "tpc stats memory unavailable\n");
+		goto unlock;
+	}
 
 	if (!(event_count == 0)) {
 		if (event_count != tpc_stats->event_count + 1) {
@@ -8489,13 +8493,12 @@  static void ath12k_wmi_process_tpc_stats(struct ath12k_base *ab,
 				  ath12k_wmi_tpc_stats_event_parser,
 				  tpc_stats);
 	if (ret) {
-		if (tpc_stats)
-			ath12k_wmi_free_tpc_stats_mem(ar);
+		ath12k_wmi_free_tpc_stats_mem(ar);
 		ath12k_warn(ab, "failed to parse tpc_stats tlv: %d\n", ret);
 		goto unlock;
 	}
 
-	if (tpc_stats && tpc_stats->end_of_event)
+	if (tpc_stats->end_of_event)
 		complete(&ar->debug.tpc_complete);
 
 unlock: