From: Phillip Potter <phil@philpotter.co.uk>
Date: Mon, 6 Sep 2021 01:01:05 +0000 (+0100)
Subject: staging: r8188eu: remove rtw_hal_c2h_id_filter_ccx function
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=22bf044b03698e36d9aaee3738d27a2b1bb204e2;p=linux.git

staging: r8188eu: remove rtw_hal_c2h_id_filter_ccx function

Remove rtw_hal_c2h_id_filter_ccx from hal/hal_intf.c and its one caller
from core/rtw_cmd.c. This function is a wrapper function which returns
the c2h_id_filter_ccx function pointer of struct hal_ops unconditionally.
As this function pointer is never set, and the function call's return
value is subsequently called inside an if condition, this could lead to
an attempt to deference a NULL pointer, which would crash the driver.

Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
Link: https://lore.kernel.org/r/20210906010106.898-14-phil@philpotter.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/staging/r8188eu/core/rtw_cmd.c b/drivers/staging/r8188eu/core/rtw_cmd.c
index fee4208dacbac..738e1ec749bec 100644
--- a/drivers/staging/r8188eu/core/rtw_cmd.c
+++ b/drivers/staging/r8188eu/core/rtw_cmd.c
@@ -1865,7 +1865,6 @@ static void c2h_wk_callback(struct work_struct *work)
 	struct evt_priv *evtpriv = container_of(work, struct evt_priv, c2h_wk);
 	struct adapter *adapter = container_of(evtpriv, struct adapter, evtpriv);
 	struct c2h_evt_hdr *c2h_evt;
-	c2h_id_filter ccx_id_filter = rtw_hal_c2h_id_filter_ccx(adapter);
 
 	evtpriv->c2h_wk_alive = true;
 
@@ -1895,14 +1894,10 @@ static void c2h_wk_callback(struct work_struct *work)
 			continue;
 		}
 
-		if (ccx_id_filter(c2h_evt->id)) {
-			kfree(c2h_evt);
-		} else {
 #ifdef CONFIG_88EU_P2P
-			/* Enqueue into cmd_thread for others */
-			rtw_c2h_wk_cmd(adapter, (u8 *)c2h_evt);
+		/* Enqueue into cmd_thread for others */
+		rtw_c2h_wk_cmd(adapter, (u8 *)c2h_evt);
 #endif
-		}
 	}
 
 	evtpriv->c2h_wk_alive = false;
diff --git a/drivers/staging/r8188eu/hal/hal_intf.c b/drivers/staging/r8188eu/hal/hal_intf.c
index 52edec729a687..e91db4f5886b6 100644
--- a/drivers/staging/r8188eu/hal/hal_intf.c
+++ b/drivers/staging/r8188eu/hal/hal_intf.c
@@ -353,8 +353,3 @@ void rtw_hal_notch_filter(struct adapter *adapter, bool enable)
 	if (adapter->HalFunc.hal_notch_filter)
 		adapter->HalFunc.hal_notch_filter(adapter, enable);
 }
-
-c2h_id_filter rtw_hal_c2h_id_filter_ccx(struct adapter *adapter)
-{
-	return adapter->HalFunc.c2h_id_filter_ccx;
-}
diff --git a/drivers/staging/r8188eu/include/hal_intf.h b/drivers/staging/r8188eu/include/hal_intf.h
index 201e226b49fa0..310b4192b0b52 100644
--- a/drivers/staging/r8188eu/include/hal_intf.h
+++ b/drivers/staging/r8188eu/include/hal_intf.h
@@ -331,7 +331,6 @@ int rtw_hal_iol_cmd(struct adapter  *adapter, struct xmit_frame *xmit_frame,
 
 void rtw_hal_notch_filter(struct adapter *adapter, bool enable);
 
-c2h_id_filter rtw_hal_c2h_id_filter_ccx(struct adapter *adapter);
 void indicate_wx_scan_complete_event(struct adapter *padapter);
 u8 rtw_do_join(struct adapter *padapter);