lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Feb 2021 07:32:57 +0000 (UTC) From: Kalle Valo <kvalo@...eaurora.org> To: Shuah Khan <skhan@...uxfoundation.org> Cc: davem@...emloft.net, kuba@...nel.org, nbd@....name, Shuah Khan <skhan@...uxfoundation.org>, ath9k-devel@....qualcomm.com, linux-wireless@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] Revert "ath9k: fix ath_tx_process_buffer() potential null ptr dereference" Shuah Khan <skhan@...uxfoundation.org> wrote: > This reverts commit a56c14bb21b296fb6d395164ab62ef2e419e5069. > > ath_tx_process_buffer() doesn't dereference or check sta and passes it > to ath_tx_complete_aggr() and ath_tx_complete_buf(). > > ath_tx_complete_aggr() checks the pointer before use. No problem here. > > ath_tx_complete_buf() doesn't check or dereference sta and passes it on > to ath_tx_complete(). ath_tx_complete() doesn't check or dereference sta, > but assigns it to tx_info->status.status_driver_data[0] > > ath_tx_complete_buf() is called from ath_tx_complete_aggr() passing > null ieee80211_sta pointer. > > There is a potential for dereference later on, if and when the > tx_info->status.status_driver_data[0]is referenced. In addition, the > rcu read lock might be released before referencing the contents. > > ath_tx_complete_buf() should be fixed to check sta perhaps? Worth > looking into. > > Reverting this patch because it doesn't solve the problem and introduces > memory leak by skipping buffer completion if the pointer (sta) is NULL. > > Fixes: a56c14bb21b2 ("ath9k: fix ath_tx_process_buffer() potential null ptr dereference") > Signed-off-by: Shuah Khan <skhan@...uxfoundation.org> > Signed-off-by: Kalle Valo <kvalo@...eaurora.org> Patch applied to ath-next branch of ath.git, thanks. 14ebaeeff8d0 Revert "ath9k: fix ath_tx_process_buffer() potential null ptr dereference" -- https://patchwork.kernel.org/project/linux-wireless/patch/20210217211801.22540-1-skhan@linuxfoundation.org/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Powered by blists - more mailing lists