fix Rx Block Ack session validity checks in iwm(4) and iwx(4)

I ported a NULL pointer check from iwlwifi rxmq.c which cannot
happen in our version of this code. Instead we need to check
the BA session ID to determine whether a BA session is valid.

Patch by Christian Ehrhardt.

diff --git a/sys/dev/pci/if_iwm.c b/sys/dev/pci/if_iwm.c
index ab482a8..6bd432f 100644 (file)
--- a/sys/dev/pci/if_iwm.c
+++ b/sys/dev/pci/if_iwm.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_iwm.c,v 1.385 2021/12/20 15:08:10 stsp Exp $       */
+/*     $OpenBSD: if_iwm.c,v 1.386 2022/01/04 15:53:57 stsp Exp $       */
 
 /*
  * Copyright (c) 2014, 2016 genua gmbh <info@genua.de>
@@ -5115,7 +5115,8 @@ iwm_rx_reorder(struct iwm_softc *sc, struct mbuf *m, int chanidx,
                return 0;
 
        rxba = &sc->sc_rxba_data[baid];
-       if (rxba == NULL || tid != rxba->tid || rxba->sta_id != IWM_STATION_ID)
+       if (rxba->baid == IWM_RX_REORDER_DATA_INVALID_BAID ||
+           tid != rxba->tid || rxba->sta_id != IWM_STATION_ID)
                return 0;
 
        if (rxba->timeout != 0)

diff --git a/sys/dev/pci/if_iwx.c b/sys/dev/pci/if_iwx.c
index 197efe2..98e1e7d 100644 (file)
--- a/sys/dev/pci/if_iwx.c
+++ b/sys/dev/pci/if_iwx.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_iwx.c,v 1.128 2021/12/03 14:32:08 stsp Exp $       */
+/*     $OpenBSD: if_iwx.c,v 1.129 2022/01/04 15:53:57 stsp Exp $       */
 
 /*
  * Copyright (c) 2014, 2016 genua gmbh <info@genua.de>
@@ -2931,7 +2931,7 @@ iwx_rx_bar_frame_release(struct iwx_softc *sc, struct iwx_rx_packet *pkt,
                return;
 
        rxba = &sc->sc_rxba_data[baid];
-       if (rxba == NULL || rxba->baid == IWX_RX_REORDER_DATA_INVALID_BAID)
+       if (rxba->baid == IWX_RX_REORDER_DATA_INVALID_BAID)
                return;
 
        tid = le32toh(release->sta_tid) & IWX_BAR_FRAME_RELEASE_TID_MASK;
@@ -4251,7 +4251,8 @@ iwx_rx_reorder(struct iwx_softc *sc, struct mbuf *m, int chanidx,
                return 0;
 
        rxba = &sc->sc_rxba_data[baid];
-       if (rxba == NULL || tid != rxba->tid || rxba->sta_id != IWX_STATION_ID)
+       if (rxba->baid == IWX_RX_REORDER_DATA_INVALID_BAID ||
+           tid != rxba->tid || rxba->sta_id != IWX_STATION_ID)
                return 0;
 
        if (rxba->timeout != 0)