I'm not a standards expert, but this really looks to be undefined
behavior, when chip->dig_cck may be NULL. (And, we're trying to do a
NULL check a few lines down, because some chip variants will use NULL.)
Fixes: fc637a860a82 ("rtw88: 8723d: Set IG register for CCK rate")
Signed-off-by: Brian Norris <[email protected]>
---
drivers/net/wireless/realtek/rtw88/phy.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/phy.c b/drivers/net/wireless/realtek/rtw88/phy.c
index 8d93f3159746..9687b376d221 100644
--- a/drivers/net/wireless/realtek/rtw88/phy.c
+++ b/drivers/net/wireless/realtek/rtw88/phy.c
@@ -147,12 +147,13 @@ void rtw_phy_dig_write(struct rtw_dev *rtwdev, u8 igi)
{
struct rtw_chip_info *chip = rtwdev->chip;
struct rtw_hal *hal = &rtwdev->hal;
- const struct rtw_hw_reg *dig_cck = &chip->dig_cck[0];
u32 addr, mask;
u8 path;
- if (dig_cck)
+ if (chip->dig_cck) {
+ const struct rtw_hw_reg *dig_cck = &chip->dig_cck[0];
rtw_write32_mask(rtwdev, dig_cck->addr, dig_cck->mask, igi >> 1);
+ }
for (path = 0; path < hal->rf_path_num; path++) {
addr = chip->dig[path].addr;
--
2.28.0.297.g1956fa8f8d-goog
>
> I'm not a standards expert, but this really looks to be undefined
> behavior, when chip->dig_cck may be NULL. (And, we're trying to do a
> NULL check a few lines down, because some chip variants will use NULL.)
>
> Fixes: fc637a860a82 ("rtw88: 8723d: Set IG register for CCK rate")
Acked-by: Yan-Hsuan Chuang <[email protected]>
> Signed-off-by: Brian Norris <[email protected]>
> ---
> drivers/net/wireless/realtek/rtw88/phy.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/wireless/realtek/rtw88/phy.c
> b/drivers/net/wireless/realtek/rtw88/phy.c
> index 8d93f3159746..9687b376d221 100644
> --- a/drivers/net/wireless/realtek/rtw88/phy.c
> +++ b/drivers/net/wireless/realtek/rtw88/phy.c
> @@ -147,12 +147,13 @@ void rtw_phy_dig_write(struct rtw_dev *rtwdev, u8
> igi)
> {
> struct rtw_chip_info *chip = rtwdev->chip;
> struct rtw_hal *hal = &rtwdev->hal;
> - const struct rtw_hw_reg *dig_cck = &chip->dig_cck[0];
> u32 addr, mask;
> u8 path;
>
> - if (dig_cck)
> + if (chip->dig_cck) {
> + const struct rtw_hw_reg *dig_cck = &chip->dig_cck[0];
> rtw_write32_mask(rtwdev, dig_cck->addr, dig_cck->mask, igi >> 1);
> + }
>
> for (path = 0; path < hal->rf_path_num; path++) {
> addr = chip->dig[path].addr;
Thanks.
Yen-Hsuan
Brian Norris <[email protected]> wrote:
> I'm not a standards expert, but this really looks to be undefined
> behavior, when chip->dig_cck may be NULL. (And, we're trying to do a
> NULL check a few lines down, because some chip variants will use NULL.)
>
> Fixes: fc637a860a82 ("rtw88: 8723d: Set IG register for CCK rate")
> Signed-off-by: Brian Norris <[email protected]>
> Acked-by: Yan-Hsuan Chuang <[email protected]>
Patch applied to wireless-drivers-next.git, thanks.
22b726cbdd09 rtw88: don't treat NULL pointer as an array
--
https://patchwork.kernel.org/patch/11730581/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches