[PATCH] ath11k: modify null check logic in ath11k_ce_rx_post_pipe()

From: Mikhail Lobanov
Date: Mon Sep 09 2024 - 11:10:43 EST

Next message: Mark Brown: "Re: [PATCH v1 0/4] Add static channel mapping between soundwire master and slave"
Previous message: Jens Axboe: "Re: [PATCH 1/1] io_uring/sqpoll: do not allow pinning outside of cpuset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The previous logic in ath11k_ce_rx_post_pipe() incorrectly required both
dest_ring and status_ring to be NULL in order to exit the function.
This caused the function to continue even if only one of the pointers
was NULL, potentially leading to null pointer dereferences in
ath11k_ce_rx_buf_enqueue_pipe().

Fix the condition by modifying the logic so that the function returns
early if either dest_ring or status_ring is NULL.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx>
---
drivers/net/wireless/ath/ath11k/ce.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c
index e66e86bdec20..9d4246d65d68 100644
--- a/drivers/net/wireless/ath/ath11k/ce.c
+++ b/drivers/net/wireless/ath/ath11k/ce.c
@@ -324,7 +324,7 @@ static int ath11k_ce_rx_post_pipe(struct ath11k_ce_pipe *pipe)
dma_addr_t paddr;
int ret = 0;

- if (!(pipe->dest_ring || pipe->status_ring))
+ if (!pipe->dest_ring || !pipe->status_ring)
return 0;

spin_lock_bh(&ab->ce.ce_lock);
--
2.43.0

Next message: Mark Brown: "Re: [PATCH v1 0/4] Add static channel mapping between soundwire master and slave"
Previous message: Jens Axboe: "Re: [PATCH 1/1] io_uring/sqpoll: do not allow pinning outside of cpuset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]