Re: [PATCH] ath11k: modify null check logic in ath11k_ce_rx_post_pipe()

From: Kalle Valo
Date: Thu Sep 19 2024 - 12:46:30 EST

Next message: Casey Schaufler: "Re: [syzbot] [audit?] general protection fault in smack_log_callback"
Previous message: Charles Keepax: "Re: [PATCH] ASoC: cs35l45: Corrects cs35l45_get_clk_freq_id function data type"
Next in thread: Jeff Johnson: "Re: [PATCH] ath11k: modify null check logic in ath11k_ce_rx_post_pipe()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx> wrote:

> The previous logic in ath11k_ce_rx_post_pipe() incorrectly required both
> dest_ring and status_ring to be NULL in order to exit the function.
> This caused the function to continue even if only one of the pointers
> was NULL, potentially leading to null pointer dereferences in
> ath11k_ce_rx_buf_enqueue_pipe().
>
> Fix the condition by modifying the logic so that the function returns
> early if either dest_ring or status_ring is NULL.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
> Signed-off-by: Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx>

Jeff, what do you think?

--
https://patchwork.kernel.org/project/linux-wireless/patch/20240909150824.28195-1-m.lobanov@xxxxxxxxxxxx/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
https://docs.kernel.org/process/submitting-patches.html

Next message: Casey Schaufler: "Re: [syzbot] [audit?] general protection fault in smack_log_callback"
Previous message: Charles Keepax: "Re: [PATCH] ASoC: cs35l45: Corrects cs35l45_get_clk_freq_id function data type"
Next in thread: Jeff Johnson: "Re: [PATCH] ath11k: modify null check logic in ath11k_ce_rx_post_pipe()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]