lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2380f108-54a6-0110-4e2b-e66dd54ae800@oracle.com>
Date:   Thu, 19 Sep 2019 19:37:01 +0530
From:   Allen <allen.pais@...cle.com>
To:     Johannes Berg <johannes@...solutions.net>, kvalo@...eaurora.org
Cc:     davem@...emloft.net, linux-wireless@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iwlwifi: fix a potential NULL pointer dereference



> 
> Anyway, as 0-day bot pointed out, this isn't really right. The cleanup
> paths here are also tricky, so I arrived at this patch a few days ago:

  My bad, I should have looked at the cleanup path.

> 
> diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
> index eb544811759d..882fdf7e5e7b 100644
> --- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
> +++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
> @@ -3530,6 +3530,15 @@ struct iwl_trans *iwl_trans_pcie_alloc(struct pci_dev *pdev,
>   	spin_lock_init(&trans_pcie->reg_lock);
>   	mutex_init(&trans_pcie->mutex);
>   	init_waitqueue_head(&trans_pcie->ucode_write_waitq);
> +
> +	trans_pcie->rba.alloc_wq = alloc_workqueue("rb_allocator",
> +						   WQ_HIGHPRI | WQ_UNBOUND, 1);
> +	if (!trans_pcie->rba.alloc_wq) {

   I would like to stick to if(unlikely(!trans_pcie->rba.alloc_wq) just 
for consistency.

   Let me know if I could add your SOB and send out V2.

- Allen

> +		ret = -ENOMEM;
> +		goto out_free_trans;
> +	}
> +	INIT_WORK(&trans_pcie->rba.rx_alloc, iwl_pcie_rx_allocator_work);
> +
>   	trans_pcie->tso_hdr_page = alloc_percpu(struct iwl_tso_hdr_page);
>   	if (!trans_pcie->tso_hdr_page) {
>   		ret = -ENOMEM;
> @@ -3664,10 +3673,6 @@ struct iwl_trans *iwl_trans_pcie_alloc(struct pci_dev *pdev,
>   		trans_pcie->inta_mask = CSR_INI_SET_MASK;
>   	 }
>   
> -	trans_pcie->rba.alloc_wq = alloc_workqueue("rb_allocator",
> -						   WQ_HIGHPRI | WQ_UNBOUND, 1);
> -	INIT_WORK(&trans_pcie->rba.rx_alloc, iwl_pcie_rx_allocator_work);
> -
>   #ifdef CPTCFG_IWLWIFI_DEBUGFS
>   	trans_pcie->fw_mon_data.state = IWL_FW_MON_DBGFS_STATE_CLOSED;
>   	mutex_init(&trans_pcie->fw_mon_data.mutex);
> @@ -3681,6 +3686,8 @@ out_free_ict:
>   	iwl_pcie_free_ict(trans);
>   out_no_pci:
>   	free_percpu(trans_pcie->tso_hdr_page);
> +	destroy_workqueue(trans_pcie->rba.alloc_wq);
> +out_free_trans:
>   	iwl_trans_free(trans);
>   	return ERR_PTR(ret);
>   }
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ