wifi: ath12k: Add NULL check to validate tpc_stats

While processing TPC stats received from firmware, there are chances that
the tpc_stats might not be filled and the data is not available. This can
happen under two scenarios. First, when firmware sends a non-zero event
count before event count 0. When this happens, tpc_stats will be checked
for data before memory allocation and the tpc_stats will be unavailable.
Second, when memory allocation failed when event count received is 0 and
the firmware still sends a non-zero event. When this happens, memory will
not be allocated for tpc_stats though event count is 0, so when non-zero
event count is received, tpc_stats will be empty. There are checks to
validate if tpc_stats variable is filled that are used in two subsequent
places, but these are placed after tpc_stats is dereference without
checking if it is NULL or has valid data.

Fix this by removing the mentioned checks and adding a NULL check after
assigning tpc_stats to check if it is valid.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1

Closes: https://scan7.scan.coverity.com/#/project-view/52668/11354?selectedIssue=1637145
Fixes: f0c3bb78e42f ("wifi: ath12k: Add Support to Parse TPC Event from Firmware")
Signed-off-by: Roopni Devanathan <quic_rdevanat@quicinc.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
Link: https://patch.msgid.link/20250221041250.769491-1-quic_rdevanat@quicinc.com
Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>

diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
index 1d6b7af546bf7e3feb3cf92e6852da7afb223272..96c473c4adc657e7cf32f5ff7240b567d55f57ea 100644 (file)
--- a/drivers/net/wireless/ath/ath12k/wmi.c
+++ b/drivers/net/wireless/ath/ath12k/wmi.c
@@ -8442,6 +8442,10 @@ static void ath12k_wmi_process_tpc_stats(struct ath12k_base *ab,
        }
 
        tpc_stats = ar->debug.tpc_stats;
+       if (!tpc_stats) {
+               ath12k_warn(ab, "tpc stats memory unavailable\n");
+               goto unlock;
+       }
 
        if (!(event_count == 0)) {
                if (event_count != tpc_stats->event_count + 1) {
@@ -8460,13 +8464,12 @@ static void ath12k_wmi_process_tpc_stats(struct ath12k_base *ab,
                                  ath12k_wmi_tpc_stats_event_parser,
                                  tpc_stats);
        if (ret) {
-               if (tpc_stats)
-                       ath12k_wmi_free_tpc_stats_mem(ar);
+               ath12k_wmi_free_tpc_stats_mem(ar);
                ath12k_warn(ab, "failed to parse tpc_stats tlv: %d\n", ret);
                goto unlock;
        }
 
-       if (tpc_stats && tpc_stats->end_of_event)
+       if (tpc_stats->end_of_event)
                complete(&ar->debug.tpc_complete);
 
 unlock: