wifi: ath10k: reset pointer after memory free to avoid potential use-after-free

When running suspend test, kernel crash happened in ath10k, and it is
fixed by commit b72a4aff947b ("ath10k: skip ath10k_halt during suspend
for driver state RESTARTING").

Currently the crash is fixed, but as a common code style, it is better
to set the pointer to NULL after memory is free.

This is to address the code style and it will avoid potential bug of
use-after-free.

Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220505092248.787-1-quic_wgong@quicinc.com

diff --git a/drivers/net/wireless/ath/ath10k/htt_rx.c b/drivers/net/wireless/ath/ath10k/htt_rx.c
index be02ab27a49b9b19cd54bf4919100d4b6006604a..e76aab9733208ff70bb0ea19317ba3c093ef36d7 100644 (file)
--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
@@ -301,12 +301,16 @@ void ath10k_htt_rx_free(struct ath10k_htt *htt)
                          ath10k_htt_get_vaddr_ring(htt),
                          htt->rx_ring.base_paddr);
 
+       ath10k_htt_config_paddrs_ring(htt, NULL);
+
        dma_free_coherent(htt->ar->dev,
                          sizeof(*htt->rx_ring.alloc_idx.vaddr),
                          htt->rx_ring.alloc_idx.vaddr,
                          htt->rx_ring.alloc_idx.paddr);
+       htt->rx_ring.alloc_idx.vaddr = NULL;
 
        kfree(htt->rx_ring.netbufs_ring);
+       htt->rx_ring.netbufs_ring = NULL;
 }
 
 static inline struct sk_buff *ath10k_htt_rx_netbuf_pop(struct ath10k_htt *htt)
@@ -846,8 +850,10 @@ err_dma_idx:
                          ath10k_htt_get_rx_ring_size(htt),
                          vaddr_ring,
                          htt->rx_ring.base_paddr);
+       ath10k_htt_config_paddrs_ring(htt, NULL);
 err_dma_ring:
        kfree(htt->rx_ring.netbufs_ring);
+       htt->rx_ring.netbufs_ring = NULL;
 err_netbuf:
        return -ENOMEM;
 }