* [PATCH] net: mwifiex: fix a NULL pointer dereference
@ 2019-03-11 7:43 Kangjie Lu
2019-03-11 17:24 ` Brian Norris
0 siblings, 1 reply; 2+ messages in thread
From: Kangjie Lu @ 2019-03-11 7:43 UTC (permalink / raw)
To: kjlu
Cc: pakki001, Amitkumar Karwar, Nishant Sarmukadam, Ganapathi Bhat,
Xinming Hu, Kalle Valo, David S. Miller, linux-wireless, netdev,
linux-kernel
In case dev_alloc_skb fails, the fix returns -ENOMEM to avoid
NULL pointer dereference.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
drivers/net/wireless/marvell/mwifiex/cmdevt.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/wireless/marvell/mwifiex/cmdevt.c b/drivers/net/wireless/marvell/mwifiex/cmdevt.c
index 60db2b969e20..5565f18039ab 100644
--- a/drivers/net/wireless/marvell/mwifiex/cmdevt.c
+++ b/drivers/net/wireless/marvell/mwifiex/cmdevt.c
@@ -341,6 +341,12 @@ static int mwifiex_dnld_sleep_confirm_cmd(struct mwifiex_adapter *adapter)
sleep_cfm_tmp =
dev_alloc_skb(sizeof(struct mwifiex_opt_sleep_confirm)
+ MWIFIEX_TYPE_LEN);
+ if (!sleep_cfm_tmp) {
+ mwifiex_dbg(adapter, ERROR,
+ "SLEEP_CFM: dev_alloc_skb failed\n");
+ return -ENOMEM;
+ }
+
skb_put(sleep_cfm_tmp, sizeof(struct mwifiex_opt_sleep_confirm)
+ MWIFIEX_TYPE_LEN);
put_unaligned_le32(MWIFIEX_USB_TYPE_CMD, sleep_cfm_tmp->data);
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] net: mwifiex: fix a NULL pointer dereference
2019-03-11 7:43 [PATCH] net: mwifiex: fix a NULL pointer dereference Kangjie Lu
@ 2019-03-11 17:24 ` Brian Norris
0 siblings, 0 replies; 2+ messages in thread
From: Brian Norris @ 2019-03-11 17:24 UTC (permalink / raw)
To: Kangjie Lu
Cc: pakki001, Amitkumar Karwar, Nishant Sarmukadam, Ganapathi Bhat,
Xinming Hu, Kalle Valo, David S. Miller, linux-wireless, netdev,
linux-kernel
On Mon, Mar 11, 2019 at 02:43:47AM -0500, Kangjie Lu wrote:
> In case dev_alloc_skb fails, the fix returns -ENOMEM to avoid
> NULL pointer dereference.
>
> Signed-off-by: Kangjie Lu <kjlu@umn.edu>
> ---
> drivers/net/wireless/marvell/mwifiex/cmdevt.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/net/wireless/marvell/mwifiex/cmdevt.c b/drivers/net/wireless/marvell/mwifiex/cmdevt.c
> index 60db2b969e20..5565f18039ab 100644
> --- a/drivers/net/wireless/marvell/mwifiex/cmdevt.c
> +++ b/drivers/net/wireless/marvell/mwifiex/cmdevt.c
> @@ -341,6 +341,12 @@ static int mwifiex_dnld_sleep_confirm_cmd(struct mwifiex_adapter *adapter)
> sleep_cfm_tmp =
> dev_alloc_skb(sizeof(struct mwifiex_opt_sleep_confirm)
> + MWIFIEX_TYPE_LEN);
> + if (!sleep_cfm_tmp) {
> + mwifiex_dbg(adapter, ERROR,
You have trailing whitespace. Please run your patches through
scripts/checkpatch.pl.
> + "SLEEP_CFM: dev_alloc_skb failed\n");
> + return -ENOMEM;
It's not exactly a problem with your patch, but nobody really checks the
return status of this function. I think in most (all?) cases, that's
probably OK, because we also implicitly communicate the success/failure
of this function by modifying the ->ps_state field (basically, a state
machine). So this is probably OK.
Other than the whitespace:
Reviewed-by: Brian Norris <briannorris@chromium.org>
> + }
> +
> skb_put(sleep_cfm_tmp, sizeof(struct mwifiex_opt_sleep_confirm)
> + MWIFIEX_TYPE_LEN);
> put_unaligned_le32(MWIFIEX_USB_TYPE_CMD, sleep_cfm_tmp->data);
> --
> 2.17.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-03-11 17:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-11 7:43 [PATCH] net: mwifiex: fix a NULL pointer dereference Kangjie Lu
2019-03-11 17:24 ` Brian Norris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.