| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241125050821.149898-1-zghbqbc@gmail.com> Date: Mon, 25 Nov 2024 13:08:21 +0800 From: Baichuan Qi <zghbqbc@...il.com> To: kvalo@...nel.org Cc: jjohnson@...nel.org, linux-wireless@...r.kernel.org, ath11k@...ts.infradead.org, linux-kernel@...r.kernel.org, Baichuan Qi <zghbqbc@...il.com> Subject: [PATCH] wifi: ath11k: Fix NULL pointer check in ath11k_ce_rx_post_pipe() The previous code used OR for NULL pointer check, whitch can not guarantee the pipe->dest_ring pointer is NON-NULL. When certain errors occur, causing pipe->dest_ring to be NULL while pipe->status_ring remains NON-NULL, the subsequent call to ath11k_ce_rx_buf_enqueue_pipe() will access the NULL pointer, resulting in a driver crash. If it is assumed that these two pointers will not become NULL for any reason, then only need to check pipe->dest_ring is or not a NULL pointer, and no need to check NULL pointer on pipe->status_ring. Signed-off-by: Baichuan Qi <zghbqbc@...il.com> --- drivers/net/wireless/ath/ath11k/ce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..cc9ad014d800 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -324,7 +324,7 @@ static int ath11k_ce_rx_post_pipe(struct ath11k_ce_pipe *pipe) dma_addr_t paddr; int ret = 0; - if (!(pipe->dest_ring || pipe->status_ring)) + if (!(pipe->dest_ring && pipe->status_ring)) return 0; spin_lock_bh(&ab->ce.ce_lock); -- 2.34.1
Powered by blists - more mailing lists