From patchwork Mon Sep 9 15:08:20 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mikhail Lobanov
X-Patchwork-Id: 826927
From: Mikhail Lobanov To: Kalle Valo Cc: Mikhail Lobanov , Jeff Johnson , Govindaraj Saminathan , Miles Hu , Sven Eckelmann , Rajkumar Manoharan , John Crispin , linux-wireless@vger.kernel.org, ath11k@lists.infradead.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Subject: [PATCH] ath11k: modify null check logic in ath11k_ce_rx_post_pipe() Date: Mon, 9 Sep 2024 11:08:20 -0400 Message-ID: <20240909150824.28195-1-m.lobanov@rosalinux.ru> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The previous logic in ath11k_ce_rx_post_pipe() incorrectly required both dest_ring and status_ring to be NULL in order to exit the function. This caused the function to continue even if only one of the pointers was NULL, potentially leading to null pointer dereferences in ath11k_ce_rx_buf_enqueue_pipe(). Fix the condition by modifying the logic so that the function returns early if either dest_ring or status_ring is NULL. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Signed-off-by: Mikhail Lobanov Acked-by: Jeff Johnson --- drivers/net/wireless/ath/ath11k/ce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..9d4246d65d68 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -324,7 +324,7 @@ static int ath11k_ce_rx_post_pipe(struct ath11k_ce_pipe *pipe) dma_addr_t paddr; int ret = 0; - if (!(pipe->dest_ring || pipe->status_ring)) + if (!pipe->dest_ring || !pipe->status_ring) return 0; spin_lock_bh(&ab->ce.ce_lock);
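Review bot: The new check at the top of ath11k_ce_rx_post_pipe(), `if (!pipe->dest_ring || !pipe->status_ring)`, still returns 0 when exactly one of the two rings is NULL, so a pipe with only one ring allocated is reported to the caller as success while nothing is posted to it. If that state is a setup bug rather than a valid configuration, consider keeping the silent `return 0` only for the case where both rings are NULL and handling the mixed case separately, for example with a warning and an error return, so the inconsistency is visible instead of being skipped. The commit message should also say whether any pipe can actually reach this function with one ring set and the other NULL. It currently describes the dereference in ath11k_ce_rx_buf_enqueue_pipe() only as potential and as a static-analysis finding, and that answer determines whether this is a bug fix that warrants the Fixes: tag or defensive hardening.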