Re: [PATCH 2/2] ath9k: fix ath_tx_process_buffer() potential null ptr dereference

[Shuah Khan]

On 2/17/21 12:30 AM, Kalle Valo wrote:
> Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> writes:
>
> > On 2/16/21 12:53 AM, Felix Fietkau wrote:
> > > On 2021-02-16 08:03, Kalle Valo wrote:
> > > > Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> wrote:
> > > >
> > > > > ath_tx_process_buffer() references ieee80211_find_sta_by_ifaddr()
> > > > > return pointer (sta) outside null check. Fix it by moving the code
> > > > > block under the null check.
> > > > >
> > > > > This problem was found while reviewing code to debug RCU warn from
> > > > > ath10k_wmi_tlv_parse_peer_stats_info() and a subsequent manual audit
> > > > > of other callers of ieee80211_find_sta_by_ifaddr() that don't hold
> > > > > RCU read lock.
> > > > >
> > > > > Signed-off-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>
> > > > > Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>
> > > >
> > > > Patch applied to ath-next branch of ath.git, thanks.
> > > >
> > > > a56c14bb21b2 ath9k: fix ath_tx_process_buffer() potential null ptr dereference
> > > I just took another look at this patch, and it is completely bogus.
> > > Not only does the stated reason not make any sense (sta is simply passed
> > > to other functions, not dereferenced without checks), but this also
> > > introduces a horrible memory leak by skipping buffer completion if sta
> > > is NULL.
> > > Please drop it, the code is fine as-is.
> >
> > A comment describing what you said here might be a good addition to this
> > comment block though.
>
> Shuah, can you send a followup patch which reverts your change and adds
> the comment? I try to avoid rebasing my trees.


I can do that.

thanks,
-- Shuah