lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20241126023349.46421-1-zghbqbc@gmail.com>
Date: Tue, 26 Nov 2024 10:33:49 +0800
From: Baichuan Qi <zghbqbc@...il.com>
To: markus.elfring@....de
Cc: ath11k@...ts.infradead.org,
	jjohnson@...nel.org,
	kvalo@...nel.org,
	linux-kernel@...r.kernel.org,
	linux-wireless@...r.kernel.org,
	zghbqbc@...il.com
Subject: [PATCH] wifi: ath11k: Fix NULL pointer check in ath11k_ce_rx_post_pipe()

Change the OR to AND.
The previous code used OR within parentheses to check for
NON-NULL pointer on one of pipe->dest_ring and pipe->status_ring.
The previous code can not guarantee the pipe->dest_ring pointer
is NON-NULL. When certain errors occur, causing pipe->dest_ring
to be NULL while pipe->status_ring remains NON-NULL ,
the subsequent call to ath11k_ce_rx_buf_enqueue_pipe() will
access the NULL pointer, resulting in a driver crash.
If it is assumed that these two pointers will not become NULL
for any reason , then only need to check pipe->dest_ring is or
not a NULL pointer, and no need to check NULL pointer
on pipe->status_ring.

Signed-off-by: Baichuan Qi <zghbqbc@...il.com>
---
 drivers/net/wireless/ath/ath11k/ce.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c
index e66e86bdec20..cc9ad014d800 100644
--- a/drivers/net/wireless/ath/ath11k/ce.c
+++ b/drivers/net/wireless/ath/ath11k/ce.c
@@ -324,7 +324,7 @@ static int ath11k_ce_rx_post_pipe(struct ath11k_ce_pipe *pipe)
 	dma_addr_t paddr;
 	int ret = 0;
 
-	if (!(pipe->dest_ring || pipe->status_ring))
+	if (!(pipe->dest_ring && pipe->status_ring))
 		return 0;
 
 	spin_lock_bh(&ab->ce.ce_lock);
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ