| Message ID | 20250109155201.3661298-1-marcel.hamer@windriver.com |
|---|---|
| State | New |
| Headers | show
Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com
[205.220.178.238])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6816821A42C;
Thu, 9 Jan 2025 15:53:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=205.220.178.238
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1736438005; cv=fail;
b=kZWFab4gkYxsrq20NbhuaiFbgtAeaTY+BmBR7dZ6H2BoKYVod05OC4Y6DxNq9Xt2k1qdtIX8xAgesO2EXFXXLspmW8DNaIuKdrYvlolfFTW0nDQ87FgVHSyys/Jp1ipFp/8SHzLOfT/VsKA34wjIRaV5vhqHyiZo5BHUaju8j8s=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1736438005; c=relaxed/simple;
bh=ozaq0T3tMisXLZQ4yg1pKZgc/Le1r1dchC0a9xHF2LA=;
h=From:To:Cc:Subject:Date:Message-Id:Content-Type:MIME-Version;
b=Hy+Lq6kMAiHKGMQsQsH6ESlp88120eqmVOQpjTTdDL/EgF50spyf+6tm3taP7bCvBg4kA8wOnIItyL+eJaDKeSr+UP5ibNowvYnBOZxOOi+1mdBrl1CSB0pq5c+QJE5Xb3dp/AjOwQQtYgTtYaV7OL+s8FvimUNLQhIUeO4mJCs=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=reject dis=none) header.from=windriver.com;
spf=pass smtp.mailfrom=windriver.com; arc=fail smtp.client-ip=205.220.178.238
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=reject dis=none) header.from=windriver.com
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=windriver.com
Received: from pps.filterd (m0250812.ppops.net [127.0.0.1])
by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id
509BPxK4001632;
Thu, 9 Jan 2025 15:53:12 GMT
Received: from nam04-dm6-obe.outbound.protection.outlook.com
(mail-dm6nam04lp2048.outbound.protection.outlook.com [104.47.73.48])
by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 441fnkhw59-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
Thu, 09 Jan 2025 15:53:11 +0000 (GMT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=D5JDUgHnzj1hTLhs+N/llSFaQXpIhLbHgkH29AYvxtvZ0a7N5Pi8I6QsZiT76r3EA9P7RtLtlHmN/q15vs4CaY4nAklrZDRh6ovNaCMSkOL8Ro26M/BsjJLhTGWT20Redi82PcSdmGBWWU2IW9bJ6b64z2eA+D7iIt0KIGq93O5Ijgn/ZyTojxThDeKxXMF0cDICt+Q2gUvrjPttrPqIoLlW/SlyKLctGxD60V4jAVxxorUJSE+LYPanPAJWHS4vLqxabngE7AXMxWeKt+5f7rnemRLi3vqfu0c4qRZzrI7kjy9VQiLAJCAr1ThiIZVdupg9dyUQrK6yV+bbl3YImg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=szyKh/IqqxKDjMmGArD1xxjKLUjpTtx2gKjs1luvbM0=;
b=EUvyjP4hViLz1sQkN/5H9nPKxS0pzuP6ZYk73/3YCtpv0Fs7dBw4kGKWlxjSnhyhv9RqbqX3wBRthJO4gi5DLxtCYu0AqvLlHca6oLDqvIa13eRbwHEY0BPa8Y3qs6SjvWEAWoPwh9cSbwKowyyRW3aoONT0tWGmpUneMQA9q0bVsM4YBURCvSHEyC5MMbe6LlF859Losim4/HAEk8KkkYgz9MYgXYPcaGqJS11T++2OZRLanUmVuu3H8nCVAEfO6XgDxjxLRmPGqSS2Uit1Ambvf1JEV0IOAKLP9n6raRdkET1da769036/vOdzjmOzZsdYMrNF5pV0jsEOQlOfnw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=windriver.com; dmarc=pass action=none
header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none
Received: from CO6PR11MB5617.namprd11.prod.outlook.com (2603:10b6:5:35c::14)
by CH3PR11MB8564.namprd11.prod.outlook.com (2603:10b6:610:1b1::5) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.12; Thu, 9 Jan
2025 15:53:08 +0000
Received: from CO6PR11MB5617.namprd11.prod.outlook.com
([fe80::9629:5ec0:f779:4bd]) by CO6PR11MB5617.namprd11.prod.outlook.com
([fe80::9629:5ec0:f779:4bd%5]) with mapi id 15.20.8335.011; Thu, 9 Jan 2025
15:53:07 +0000
From: Marcel Hamer <marcel.hamer@windriver.com>
To: Arend van Spriel <arend.vanspriel@broadcom.com>
Cc: Kalle Valo <kvalo@kernel.org>, linux-wireless@vger.kernel.org,
Marcel Hamer <marcel.hamer@windriver.com>, stable@vger.kernel.org
Subject: [PATCH] brcmfmac: NULL pointer dereference on tx statistic update
Date: Thu, 9 Jan 2025 16:52:01 +0100
Message-Id: <20250109155201.3661298-1-marcel.hamer@windriver.com>
X-Mailer: git-send-email 2.34.1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: GV3PEPF00002E75.SWEP280.PROD.OUTLOOK.COM
(2603:10a6:158:401::44) To CO6PR11MB5617.namprd11.prod.outlook.com
(2603:10b6:5:35c::14)
Precedence: bulk
X-Mailing-List: linux-wireless@vger.kernel.org
List-Id: <linux-wireless.vger.kernel.org>
List-Subscribe: <mailto:linux-wireless+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-wireless+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO6PR11MB5617:EE_|CH3PR11MB8564:EE_
X-MS-Office365-Filtering-Correlation-Id: aabc7f4c-af13-410e-3b73-08dd30c5b5e3
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|10070799003|1800799024|376014;
X-Microsoft-Antispam-Message-Info:
5KZk5KJKCMhvmZdb+jEUTqM4W53aOzrEAe2+LTP9K2AV/18uX5gY93JBQR8RKyRpdsmk4OKn83u/Q7C2bx9KTJR0lxKsuVU5VBRHDwwu0wPAzA7K4QByuB9bUiZJ9sI67SiVKL3dU3xtrclKGnURgiz8vg/s4PNBDBTBbqHQ6up1ZIiUACf4IUnhfzL4gt703xDdHV/R9qJVG0YHSFPDC/7tHMQo34+tV5x2WgDbAybfTgMBvmWNm9B7Of41OH9FsarfYOBFMrIiocg3i5RhuxYKrrxVqwHoNNJWsj2iwT8L2toC/EHKCQCrvhuh/DSJDc0qxHCG7QYGQXXQM8mscRjBULybfx2hgTKE6UNOitbuP4vYMHGUVxh68krl2/TChVLk2qguhIvOeZ9VE/robD48vACyGcw3NrPcC4Eel92cn0pYFR+UX0H498+WxeduqB+bntRlBYTuAhUPe2clnqBYHZZUA9unpcuezWJJpQHyCE6mf7zepJpwNYn0cTWGlokkBhnVn1PwU922mEtvmt6oDBAgnOGsKavDJLlvFwnktHs9dtpAzhNpba++JawrL8OJ9vhEm3FeibbJU6ud4Hte37V+B4mVOoAJkApb/MPML/MIhuAlucRy8D5JENUl7DZ6qr29IYld6qh+L9Wd2Y6i/+lFEjb6VAfE8E46MPa0G46xdB2u0i6kLpf/Fb58W4NN9MQ0zL98TGkUMX8T1pA42Y7e4y7aGqGDmdir5Gp/C+09BO7HJqpjx3bvYKhW5S7XP77nyprQWhhm6W8KhlR9QCQUBKA8CaUvNpZuoIgC3QmxD5t+nRPD9ek3isOfXLeKtkh5P8WESjCSHjdhUozIhMiTuMuDKlJEU94JD0+FGOLql38RLVebXHKS9f4QaSCAfqHSgWXEtmZraJkQeyJUOxjh1Esob8xx6vz6wK9WZ+15eIKW61GFybNd3lR/nYNXm2O0J0r03I66piRx0fPehBPnE/dxh94mMavj1gq7Cr263k0QNyqpIXh2hxZ3trn9bvSlXF9TfoJhh9lSyhnY8ywbFa1qS0gK8sGGuye60eVeC0fbLtawl/RwMcLXdHtlQ6yMB9plvOwiPlt/E1FF9wA4gsFt8NR4gh8/lHGRd/y1HqvaqU7EfC4fV4VlBM79WgRl+H+OInT/G6hlwS9U6q6ORaP2DUTyzd292rgyfmM7gnAmxHk0utJY+sVt7n0HSUIu0Zmb/+X25RaQHz9D6Mxw/lfYvJA6GGaZmFNQsYuUjqIq+EVaf6S96Rt2oaS3NPhfbesKjGNsbG/YZt+JjWqAuPZ5NasCmUpFPNN6XzEAsGCqWT1/fErL18qF0t9AYQ+M1hdNSlwYqD0/J7Txo0U68B+Wz4ArTOlYnnSTwHhTdYwYTDA/FT/3qURe
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO6PR11MB5617.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(10070799003)(1800799024)(376014);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
vZKAWgDR/73K6ZV+zkKnq2NKkKmJ9vd1ODYrouJYYyMT6871y71H+S5xjEcR6qYq+2hcY3eBG8oDoT0dvI4v1M+Z6CT18URMFD6iwjEhcrAHHMxhCxNVrLYa+m12O/86h0YetCzda3udiK1JKXPutzzn5Ey44CpW6YD4NScAb58esYgQEbDWsi3Tu1ImMeYWj9aQtvGDkN9w71O6g2EunYdOym/M6k2csw8hwlJ/yPn9YJU+qs9ACZwLXYxbpZ1hHN/buE1+Z203G9s/eZPdRbkustHTyRKDFSes4fb3awloiog9dF5Ii/qvvbcbJB/78jgMCyl341Zbck70uVoeaBRiPY1ySCd5YFgecsCMbQkp8XaKzDlo2FKzvpYaxeNKoelo14Ar05XYGQGoSxd7KU2HL5eXhMWrLcowijVAh2gLH+fNhatxmnVcyInFDO/2t2ez+q/udak5k6rUL3RiDFcAiGJytogNDLcX82WaVXC+uvNuXH0EkAziCenRaVPQvZbRZgTQqDt0G5c/RsS+yQPeYGFE6WIj3EToqr9AVuKF4FZN3Eay4gXZGzj5qLksk6AIs2ce003DG7WulCKqVFsd2ptM+8Z4igOmiVpz8Xb9TxvH5b8D26uddk3Qh42wcZ0BN5FS+nDsEmcsET5ZCCKZNsLUvV5qiNeppbvMuTHlCohQVH6m9oULjnMCeD6FLbGDKxhMb26uzGipzH8CgwRSS8iyt+t1qcflyn/RyfZRq46PgnWZdX7DmC5E2fNT3ci4Yp/6pM9s/zcvBigUF5vovZXMn8821zHjYEu3ufrqJQek10DWlakTB7VA5PAhAJ30aAXWgOjiKeJGQYo0oAtTtmcqZE3dG/24iwXgV3BqETm/F5wPAEoQLIrUQHgi+6HMecE4xyx6mRPKsoYk/VNzACOGa2sPnQjYwpo1qSQiVYsBXhH4a0xxNZxW5Q9sCwI6aDhggz2dra34g02yOOnSAPRsGEyhgSc76+eKXRpgujBUz2iUzhmtVz6Mj6h4JnfrMGhP7dKQfDXwFlpuSzhhDLJekh/jQB8nzZyqkLc4OJResNYrDwQwnskfYpAzK4A3zkp9z9BR0lFclwDaK4ZcyE9J9ROt70+jN/hLMe5/y1I43tMg8Iiumkvlz69iycLqEafnNg1Pl5qdOwUIQA9cDTIBLjndT8FhLTMroodKY4croGbHq2iGbGf6e79kk2exSCJ0P2D1mdjF4eky07s0bR0+vi8DVVIQQr43fQF4EAhPmfvNh6lE9wyKO4NN3Mrsee/QtplyG8c75W7BTfrpBORO27Yny4luJ5iQN7BOrUCm2GYP+XD8VK2Tski7DVshx3iQ8yfhswwLAM45bl+DhkC4c9EM5L5ix7GACJ/VKShUVODQpL/csdDZ//377knSyrdCP8CP4EnWVqJh2OfKaJdqxhZHhIGkRtO0ylTz2TW2o6EgwWRlYOhkW7mWtwAhoFkVqwY1RqAtKz0V/lXEzrQbALKxKDeZOyV3CaPF3GX8KaicuaDSKsIeKXCgUb17Yh1bQmrqgHYy85xOtlU8WgLiPD/63AKole+HKDoobZ3xCF+RZvnjEOcGEhGqTGy58Cr24jOUi7ITpu5ukNFHCwVfI69LScATRFR+eZAodzDqC4FKvg/L9IWQnzrngov3Da6x/VzMcIDtJQBfIA==
X-OriginatorOrg: windriver.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
aabc7f4c-af13-410e-3b73-08dd30c5b5e3
X-MS-Exchange-CrossTenant-AuthSource: CO6PR11MB5617.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jan 2025 15:53:07.7249
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
JFzMM12fNCIughpbDPERmKApszCe5qXoMhOgL1Y02zSOKGxDPkd8R4MoYg8Dufs/bb+WcfncBvf81k4kxQWfzZXc9v3N78q6Jd0MTVwfdf0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB8564
X-Proofpoint-GUID: _Iuk1h7CNxkGC4-Vp3ZjPXEW_7-WOAml
X-Authority-Analysis: v=2.4 cv=bJjsIO+Z c=1 sm=1 tr=0 ts=677ff0e8 cx=c_pps
a=MHkl0I0wjNeC5ak5fNlPUA==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19
a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=VdSt8ZQiCzkA:10
a=bRTqI5nwn0kA:10 a=VwQbUJbxAAAA:8
a=pGLkceISAAAA:8 a=t7CeM3EgAAAA:8 a=0pxr1lnVwKlhBzQI8TcA:9
a=FdTzh2GWekK77mhwV6Dw:22
X-Proofpoint-ORIG-GUID: _Iuk1h7CNxkGC4-Vp3ZjPXEW_7-WOAml
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34
definitions=2025-01-09_07,2025-01-09_01,2024-11-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
phishscore=0 mlxlogscore=872
spamscore=0 mlxscore=0 bulkscore=0 priorityscore=1501 clxscore=1011
adultscore=0 malwarescore=0 lowpriorityscore=0 impostorscore=0
suspectscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1
engine=8.21.0-2411120000 definitions=main-2501090127
|
| Series |
brcmfmac: NULL pointer dereference on tx statistic update
|
expand
|
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c index c3a57e30c855..cf731bc7ae24 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c @@ -549,7 +549,7 @@ void brcmf_txfinalize(struct brcmf_if *ifp, struct sk_buff *txp, bool success) wake_up(&ifp->pend_8021x_wait); } - if (!success) + if (!success && ifp) ifp->ndev->stats.tx_errors++; brcmu_pkt_buf_free_skb(txp);
On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the interface: brcmf_detach() brcmf_remove_interface() brcmf_del_if() Inside the brcmf_del_if() function the drvr->if2bss[ifidx] is updated to BRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches. After brcmf_remove_interface() call the brcmf_proto_detach() function is called providing the following sequence: brcmf_detach() brcmf_proto_detach() brcmf_proto_msgbuf_detach() brcmf_flowring_detach() brcmf_msgbuf_delete_flowring() brcmf_msgbuf_remove_flowring() brcmf_flowring_delete() brcmf_get_ifp() brcmf_txfinalize() Since brcmf_get_ip() can and actually will return NULL in this case the call to brcmf_txfinalize() will result in a NULL pointer dereference inside brcmf_txfinalize() when trying to update ifp->ndev->stats.tx_errors. This will only happen if a flowring still has an skb. Cc: stable@vger.kernel.org Signed-off-by: Marcel Hamer <marcel.hamer@windriver.com> Link: https://lore.kernel.org/all/b519e746-ddfd-421f-d897-7620d229e4b2@gmail.com/ --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)