>From 85913eb9a7b61e2baae3818e69afe79b76e122d2 Mon Sep 17 00:00:00 2001 From: Nobuhiro Iwamatsu Date: Thu, 25 Feb 2021 17:30:47 +0900 Subject: [PATCH] iwlwifi: pcie: fix to correct null check The fixes made in commit: 4ae5798004d8 ("iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap") is not enough. This still have problems with null references. This provides the correct fix. Also, this is a problem only in 4.4.y. This patch has been applied to other LTS trees, but with the correct fixes. Fixes: 4ae5798004d8 ("iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap") Cc: stable@vger.kernel.org Signed-off-by: Nobuhiro Iwamatsu (CIP) --- drivers/net/wireless/iwlwifi/pcie/tx.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/iwlwifi/pcie/tx.c b/drivers/net/wireless/iwlwifi/pcie/tx.c index cb03c2855019..7584796131fa 100644 --- a/drivers/net/wireless/iwlwifi/pcie/tx.c +++ b/drivers/net/wireless/iwlwifi/pcie/tx.c @@ -583,13 +583,15 @@ static void iwl_pcie_txq_unmap(struct iwl_trans *trans, int txq_id) { struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); struct iwl_txq *txq = &trans_pcie->txq[txq_id]; - struct iwl_queue *q = &txq->q; + struct iwl_queue *q; if (!txq) { IWL_ERR(trans, "Trying to free a queue that wasn't allocated?\n"); return; } + q = &txq->q; + spin_lock_bh(&txq->lock); while (q->write_ptr != q->read_ptr) { IWL_DEBUG_TX_REPLY(trans, "Q %d Free %d\n", -- 2.30.0.rc2