lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20241125050821.149898-1-zghbqbc@gmail.com>
Date: Mon, 25 Nov 2024 13:08:21 +0800
From: Baichuan Qi <zghbqbc@...il.com>
To: kvalo@...nel.org
Cc: jjohnson@...nel.org,
	linux-wireless@...r.kernel.org,
	ath11k@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	Baichuan Qi <zghbqbc@...il.com>
Subject: [PATCH] wifi: ath11k: Fix NULL pointer check in ath11k_ce_rx_post_pipe()

The previous code used OR for NULL pointer check, whitch can not
guarantee the pipe->dest_ring pointer is NON-NULL. When certain
errors occur, causing pipe->dest_ring to be NULL while
pipe->status_ring remains NON-NULL, the subsequent call to
ath11k_ce_rx_buf_enqueue_pipe() will access the NULL pointer,
resulting in a driver crash.
If it is assumed that these two pointers will not become NULL
for any reason, then only need to check pipe->dest_ring is or
not a NULL pointer, and no need to check NULL pointer on
pipe->status_ring.

Signed-off-by: Baichuan Qi <zghbqbc@...il.com>
---
 drivers/net/wireless/ath/ath11k/ce.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c
index e66e86bdec20..cc9ad014d800 100644
--- a/drivers/net/wireless/ath/ath11k/ce.c
+++ b/drivers/net/wireless/ath/ath11k/ce.c
@@ -324,7 +324,7 @@ static int ath11k_ce_rx_post_pipe(struct ath11k_ce_pipe *pipe)
 	dma_addr_t paddr;
 	int ret = 0;
 
-	if (!(pipe->dest_ring || pipe->status_ring))
+	if (!(pipe->dest_ring && pipe->status_ring))
 		return 0;
 
 	spin_lock_bh(&ab->ce.ce_lock);
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ