wimax/i2400m: fix oops when the TX FIFO fills up due to a missing check

When the TX FIFO filled up and i2400m_tx_new() failed to allocate a
new TX message header, a missing check for said condition was causing a
kernel oops when trying to dereference a NULL i2400m->tx_msg pointer.

Found and diagnosed by Cindy H. Kao.

Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>

diff --git a/drivers/net/wimax/i2400m/tx.c b/drivers/net/wimax/i2400m/tx.c
index 4295dcf..fa16ccf 100644 (file)
--- a/drivers/net/wimax/i2400m/tx.c
+++ b/drivers/net/wimax/i2400m/tx.c
@@ -653,6 +653,8 @@ try_new:
                i2400m_tx_close(i2400m);
                i2400m_tx_new(i2400m);
        }
+       if (i2400m->tx_msg == NULL)
+               goto error_tx_new;
        if (i2400m->tx_msg->size + padded_len > I2400M_TX_BUF_SIZE / 2) {
                d_printf(2, dev, "TX: message too big, going new\n");
                i2400m_tx_close(i2400m);