[PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Colin King]

From: Colin Ian King <colin.king@canonical.com>

In the unlikely event that cap->supported_bands has neither
WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer
band is null and a null dereference occurs when assigning
band->n_iftype_data.  Move the assignment to the if blocks to
avoid this.  Cleans up static analysis warnings.

Addresses-Coverity: ("Explicit null dereference")
Fixes: 9f056ed8ee01 ("ath11k: add HE support")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 556eef9881a7..4a364cfe37ed 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -3520,8 +3520,8 @@ static int ath11k_mac_copy_he_cap(struct ath11k *ar,
 static void ath11k_mac_setup_he_cap(struct ath11k *ar,
 				    struct ath11k_pdev_cap *cap)
 {
-	struct ieee80211_supported_band *band = NULL;
-	int count = 0;
+	struct ieee80211_supported_band *band;
+	int count;
 
 	if (cap->supported_bands & WMI_HOST_WLAN_2G_CAP) {
 		count = ath11k_mac_copy_he_cap(ar, cap,
@@ -3529,6 +3529,7 @@ static void ath11k_mac_setup_he_cap(struct ath11k *ar,
 					       NL80211_BAND_2GHZ);
 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
 		band->iftype_data = ar->mac.iftype[NL80211_BAND_2GHZ];
+		band->n_iftype_data = count;
 	}
 
 	if (cap->supported_bands & WMI_HOST_WLAN_5G_CAP) {
@@ -3537,9 +3538,8 @@ static void ath11k_mac_setup_he_cap(struct ath11k *ar,
 					       NL80211_BAND_5GHZ);
 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
 		band->iftype_data = ar->mac.iftype[NL80211_BAND_5GHZ];
+		band->n_iftype_data = count;
 	}
-
-	band->n_iftype_data = count;
 }
 
 static int __ath11k_set_antenna(struct ath11k *ar, u32 tx_ant, u32 rx_ant)
-- 
2.24.0

[PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Colin King]

From: Colin Ian King <colin.king@canonical.com>

In the unlikely event that cap->supported_bands has neither
WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer
band is null and a null dereference occurs when assigning
band->n_iftype_data.  Move the assignment to the if blocks to
avoid this.  Cleans up static analysis warnings.

Addresses-Coverity: ("Explicit null dereference")
Fixes: 9f056ed8ee01 ("ath11k: add HE support")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 556eef9881a7..4a364cfe37ed 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -3520,8 +3520,8 @@ static int ath11k_mac_copy_he_cap(struct ath11k *ar,
 static void ath11k_mac_setup_he_cap(struct ath11k *ar,
 				    struct ath11k_pdev_cap *cap)
 {
-	struct ieee80211_supported_band *band = NULL;
-	int count = 0;
+	struct ieee80211_supported_band *band;
+	int count;
 
 	if (cap->supported_bands & WMI_HOST_WLAN_2G_CAP) {
 		count = ath11k_mac_copy_he_cap(ar, cap,
@@ -3529,6 +3529,7 @@ static void ath11k_mac_setup_he_cap(struct ath11k *ar,
 					       NL80211_BAND_2GHZ);
 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
 		band->iftype_data = ar->mac.iftype[NL80211_BAND_2GHZ];
+		band->n_iftype_data = count;
 	}
 
 	if (cap->supported_bands & WMI_HOST_WLAN_5G_CAP) {
@@ -3537,9 +3538,8 @@ static void ath11k_mac_setup_he_cap(struct ath11k *ar,
 					       NL80211_BAND_5GHZ);
 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
 		band->iftype_data = ar->mac.iftype[NL80211_BAND_5GHZ];
+		band->n_iftype_data = count;
 	}
-
-	band->n_iftype_data = count;
 }
 
 static int __ath11k_set_antenna(struct ath11k *ar, u32 tx_ant, u32 rx_ant)
-- 
2.24.0


_______________________________________________
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[linmiaohe]

Colin Ian King <colin.king@canonical.com> wrote：
>From: Colin Ian King <colin.king@canonical.com>
>
>In the unlikely event that cap->supported_bands has neither WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer band is null and a null dereference occurs when assigning
>band->n_iftype_data.  Move the assignment to the if blocks to
>avoid this.  Cleans up static analysis warnings.
>
>Addresses-Coverity: ("Explicit null dereference")
>Fixes: 9f056ed8ee01 ("ath11k: add HE support")
>Signed-off-by: Colin Ian King <colin.king@canonical.com>
>---
> drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)

It looks fine for me. Thanks.
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[linmiaohe]

DQpDb2xpbiBJYW4gS2luZyA8Y29saW4ua2luZ0BjYW5vbmljYWwuY29tPiB3cm90Ze+8mg0KPkZy
b206IENvbGluIElhbiBLaW5nIDxjb2xpbi5raW5nQGNhbm9uaWNhbC5jb20+DQo+DQo+SW4gdGhl
IHVubGlrZWx5IGV2ZW50IHRoYXQgY2FwLT5zdXBwb3J0ZWRfYmFuZHMgaGFzIG5laXRoZXIgV01J
X0hPU1RfV0xBTl8yR19DQVAgc2V0IG9yIFdNSV9IT1NUX1dMQU5fNUdfQ0FQIHNldCB0aGVuIHBv
aW50ZXIgYmFuZCBpcyBudWxsIGFuZCBhIG51bGwgZGVyZWZlcmVuY2Ugb2NjdXJzIHdoZW4gYXNz
aWduaW5nDQo+YmFuZC0+bl9pZnR5cGVfZGF0YS4gIE1vdmUgdGhlIGFzc2lnbm1lbnQgdG8gdGhl
IGlmIGJsb2NrcyB0bw0KPmF2b2lkIHRoaXMuICBDbGVhbnMgdXAgc3RhdGljIGFuYWx5c2lzIHdh
cm5pbmdzLg0KPg0KPkFkZHJlc3Nlcy1Db3Zlcml0eTogKCJFeHBsaWNpdCBudWxsIGRlcmVmZXJl
bmNlIikNCj5GaXhlczogOWYwNTZlZDhlZTAxICgiYXRoMTFrOiBhZGQgSEUgc3VwcG9ydCIpDQo+
U2lnbmVkLW9mZi1ieTogQ29saW4gSWFuIEtpbmcgPGNvbGluLmtpbmdAY2Fub25pY2FsLmNvbT4N
Cj4tLS0NCj4gZHJpdmVycy9uZXQvd2lyZWxlc3MvYXRoL2F0aDExay9tYWMuYyB8IDggKysrKy0t
LS0NCj4gMSBmaWxlIGNoYW5nZWQsIDQgaW5zZXJ0aW9ucygrKSwgNCBkZWxldGlvbnMoLSkNCg0K
SXQgbG9va3MgZmluZSBmb3IgbWUuIFRoYW5rcy4NClJldmlld2VkLWJ5OiBNaWFvaGUgTGluIDxs
aW5taWFvaGVAaHVhd2VpLmNvbT4NCg=

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[linmiaohe]

Colin Ian King <colin.king@canonical.com> wrote：
>From: Colin Ian King <colin.king@canonical.com>
>
>In the unlikely event that cap->supported_bands has neither WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer band is null and a null dereference occurs when assigning
>band->n_iftype_data.  Move the assignment to the if blocks to
>avoid this.  Cleans up static analysis warnings.
>
>Addresses-Coverity: ("Explicit null dereference")
>Fixes: 9f056ed8ee01 ("ath11k: add HE support")
>Signed-off-by: Colin Ian King <colin.king@canonical.com>
>---
> drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)

It looks fine for me. Thanks.
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
_______________________________________________
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Christophe JAILLET]

Le 11/01/2020 à 10:50, linmiaohe a écrit :
> Colin Ian King <colin.king@canonical.com> wrote：
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> In the unlikely event that cap->supported_bands has neither WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer band is null and a null dereference occurs when assigning
>> band->n_iftype_data.  Move the assignment to the if blocks to
>> avoid this.  Cleans up static analysis warnings.
>>
>> Addresses-Coverity: ("Explicit null dereference")
>> Fixes: 9f056ed8ee01 ("ath11k: add HE support")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>> drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
> It looks fine for me. Thanks.
> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>

Shouldn't there be a

|

- band->n_iftype_data  =  count; at the end of the patch if the assignment is *moved*? Without it, 
'band' (as well as 'count') could be un-initialized, and lead to memory 
corruption. Just my 2c. CJ |

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Marion & Christophe JAILLET]

Le 11/01/2020 à 10:50, linmiaohe a écrit :
> Colin Ian King<colin.king@canonical.com>  wrote：
>> From: Colin Ian King<colin.king@canonical.com>
>>
>> In the unlikely event that cap->supported_bands has neither WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer band is null and a null dereference occurs when assigning
>> band->n_iftype_data.  Move the assignment to the if blocks to
>> avoid this.  Cleans up static analysis warnings.
>>
>> Addresses-Coverity: ("Explicit null dereference")
>> Fixes: 9f056ed8ee01 ("ath11k: add HE support")
>> Signed-off-by: Colin Ian King<colin.king@canonical.com>
>> ---
>> drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
> It looks fine for me. Thanks.
> Reviewed-by: Miaohe Lin<linmiaohe@huawei.com>
(sorry for incomplete mail and mailing list addresses, my newsreader ate 
them, and I cannot get the list from get_maintainer.pl because my 
(outdated) tree does not have ath11k/...
I've only including the ones in memory of my mail writer.

Please forward if needed)


Hi

Shouldn't there be a

|

- band->n_iftype_data  =  count; at the end of the patch if the assignment is *moved*? Without it, 
'band' (as well as 'count') could be un-initialized, and lead to memory 
corruption. Just my 2c. CJ |

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Marion & Christophe JAILLET]

Le 11/01/2020 à 10:50, linmiaohe a écrit :
> Colin Ian King<colin.king@canonical.com>  wrote：
>> From: Colin Ian King<colin.king@canonical.com>
>>
>> In the unlikely event that cap->supported_bands has neither WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer band is null and a null dereference occurs when assigning
>> band->n_iftype_data.  Move the assignment to the if blocks to
>> avoid this.  Cleans up static analysis warnings.
>>
>> Addresses-Coverity: ("Explicit null dereference")
>> Fixes: 9f056ed8ee01 ("ath11k: add HE support")
>> Signed-off-by: Colin Ian King<colin.king@canonical.com>
>> ---
>> drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
> It looks fine for me. Thanks.
> Reviewed-by: Miaohe Lin<linmiaohe@huawei.com>
(sorry for incomplete mail and mailing list addresses, my newsreader ate 
them, and I cannot get the list from get_maintainer.pl because my 
(outdated) tree does not have ath11k/...
I've only including the ones in memory of my mail writer.

Please forward if needed)


Hi

Shouldn't there be a

|

- band->n_iftype_data  =  count; at the end of the patch if the assignment is *moved*? Without it, 
'band' (as well as 'count') could be un-initialized, and lead to memory 
corruption. Just my 2c. CJ |

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Dan Carpenter]

On Sat, Jan 11, 2020 at 12:57:11PM +0100, Marion & Christophe JAILLET wrote:
> Le 11/01/2020 à 10:50, linmiaohe a écrit :
> > Colin Ian King<colin.king@canonical.com>  wrote：
> > > From: Colin Ian King<colin.king@canonical.com>
> > > 
> > > In the unlikely event that cap->supported_bands has neither WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer band is null and a null dereference occurs when assigning
> > > band->n_iftype_data.  Move the assignment to the if blocks to
> > > avoid this.  Cleans up static analysis warnings.
> > > 
> > > Addresses-Coverity: ("Explicit null dereference")
> > > Fixes: 9f056ed8ee01 ("ath11k: add HE support")
> > > Signed-off-by: Colin Ian King<colin.king@canonical.com>
> > > ---
> > > drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
> > > 1 file changed, 4 insertions(+), 4 deletions(-)
> > It looks fine for me. Thanks.
> > Reviewed-by: Miaohe Lin<linmiaohe@huawei.com>
> (sorry for incomplete mail and mailing list addresses, my newsreader ate
> them, and I cannot get the list from get_maintainer.pl because my (outdated)
> tree does not have ath11k/...
> I've only including the ones in memory of my mail writer.
> 
> Please forward if needed)
> 
> 
> Hi
> 
> Shouldn't there be a
> 
> |
> 
> - band->n_iftype_data  =  count; at the end of the patch if the assignment
> is *moved*? Without it, 'band' (as well as 'count') could be un-initialized,
> and lead to memory corruption. Just my 2c. CJ |

You must be looking at different code.  There is no uninitialized
variable.  The patched code looks like:

drivers/net/wireless/ath/ath11k/mac.c
  3520  static void ath11k_mac_setup_he_cap(struct ath11k *ar,
  3521                                      struct ath11k_pdev_cap *cap)
  3522  {
  3523          struct ieee80211_supported_band *band;
  3524          int count;
  3525  
  3526          if (cap->supported_bands & WMI_HOST_WLAN_2G_CAP) {
  3527                  count = ath11k_mac_copy_he_cap(ar, cap,
  3528                                                 ar->mac.iftype[NL80211_BAND_2GHZ],
  3529                                                 NL80211_BAND_2GHZ);
  3530                  band = &ar->mac.sbands[NL80211_BAND_2GHZ];
  3531                  band->iftype_data = ar->mac.iftype[NL80211_BAND_2GHZ];
  3532                  band->n_iftype_data = count;
  3533          }
  3534  
  3535          if (cap->supported_bands & WMI_HOST_WLAN_5G_CAP) {
  3536                  count = ath11k_mac_copy_he_cap(ar, cap,
  3537                                                 ar->mac.iftype[NL80211_BAND_5GHZ],
  3538                                                 NL80211_BAND_5GHZ);
  3539                  band = &ar->mac.sbands[NL80211_BAND_5GHZ];
  3540                  band->iftype_data = ar->mac.iftype[NL80211_BAND_5GHZ];
  3541                  band->n_iftype_data = count;
  3542          }
  3543  }

regards,
dan carpenter

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Dan Carpenter]

On Sat, Jan 11, 2020 at 12:57:11PM +0100, Marion & Christophe JAILLET wrote:
> Le 11/01/2020 à 10:50, linmiaohe a écrit :
> > Colin Ian King<colin.king@canonical.com>  wrote：
> > > From: Colin Ian King<colin.king@canonical.com>
> > > 
> > > In the unlikely event that cap->supported_bands has neither WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer band is null and a null dereference occurs when assigning
> > > band->n_iftype_data.  Move the assignment to the if blocks to
> > > avoid this.  Cleans up static analysis warnings.
> > > 
> > > Addresses-Coverity: ("Explicit null dereference")
> > > Fixes: 9f056ed8ee01 ("ath11k: add HE support")
> > > Signed-off-by: Colin Ian King<colin.king@canonical.com>
> > > ---
> > > drivers/net/wireless/ath/ath11k/mac.c | 8 ++++----
> > > 1 file changed, 4 insertions(+), 4 deletions(-)
> > It looks fine for me. Thanks.
> > Reviewed-by: Miaohe Lin<linmiaohe@huawei.com>
> (sorry for incomplete mail and mailing list addresses, my newsreader ate
> them, and I cannot get the list from get_maintainer.pl because my (outdated)
> tree does not have ath11k/...
> I've only including the ones in memory of my mail writer.
> 
> Please forward if needed)
> 
> 
> Hi
> 
> Shouldn't there be a
> 
> |
> 
> - band->n_iftype_data  =  count; at the end of the patch if the assignment
> is *moved*? Without it, 'band' (as well as 'count') could be un-initialized,
> and lead to memory corruption. Just my 2c. CJ |

You must be looking at different code.  There is no uninitialized
variable.  The patched code looks like:

drivers/net/wireless/ath/ath11k/mac.c
  3520  static void ath11k_mac_setup_he_cap(struct ath11k *ar,
  3521                                      struct ath11k_pdev_cap *cap)
  3522  {
  3523          struct ieee80211_supported_band *band;
  3524          int count;
  3525  
  3526          if (cap->supported_bands & WMI_HOST_WLAN_2G_CAP) {
  3527                  count = ath11k_mac_copy_he_cap(ar, cap,
  3528                                                 ar->mac.iftype[NL80211_BAND_2GHZ],
  3529                                                 NL80211_BAND_2GHZ);
  3530                  band = &ar->mac.sbands[NL80211_BAND_2GHZ];
  3531                  band->iftype_data = ar->mac.iftype[NL80211_BAND_2GHZ];
  3532                  band->n_iftype_data = count;
  3533          }
  3534  
  3535          if (cap->supported_bands & WMI_HOST_WLAN_5G_CAP) {
  3536                  count = ath11k_mac_copy_he_cap(ar, cap,
  3537                                                 ar->mac.iftype[NL80211_BAND_5GHZ],
  3538                                                 NL80211_BAND_5GHZ);
  3539                  band = &ar->mac.sbands[NL80211_BAND_5GHZ];
  3540                  band->iftype_data = ar->mac.iftype[NL80211_BAND_5GHZ];
  3541                  band->n_iftype_data = count;
  3542          }
  3543  }

regards,
dan carpenter

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Kalle Valo]

Colin King <colin.king@canonical.com> wrote:

> In the unlikely event that cap->supported_bands has neither
> WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer
> band is null and a null dereference occurs when assigning
> band->n_iftype_data.  Move the assignment to the if blocks to
> avoid this.  Cleans up static analysis warnings.
> 
> Addresses-Coverity: ("Explicit null dereference")
> Fixes: 9f056ed8ee01 ("ath11k: add HE support")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

3b4516838eaa ath11k: avoid null pointer dereference when pointer band is null

-- 
https://patchwork.kernel.org/patch/11328755/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Kalle Valo]

Colin King <colin.king@canonical.com> wrote:

> In the unlikely event that cap->supported_bands has neither
> WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer
> band is null and a null dereference occurs when assigning
> band->n_iftype_data.  Move the assignment to the if blocks to
> avoid this.  Cleans up static analysis warnings.
> 
> Addresses-Coverity: ("Explicit null dereference")
> Fixes: 9f056ed8ee01 ("ath11k: add HE support")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

3b4516838eaa ath11k: avoid null pointer dereference when pointer band is null

-- 
https://patchwork.kernel.org/patch/11328755/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: [PATCH][next] ath11k: avoid null pointer dereference when pointer band is null

[Kalle Valo]

Colin King <colin.king@canonical.com> wrote:

> In the unlikely event that cap->supported_bands has neither
> WMI_HOST_WLAN_2G_CAP set or WMI_HOST_WLAN_5G_CAP set then pointer
> band is null and a null dereference occurs when assigning
> band->n_iftype_data.  Move the assignment to the if blocks to
> avoid this.  Cleans up static analysis warnings.
> 
> Addresses-Coverity: ("Explicit null dereference")
> Fixes: 9f056ed8ee01 ("ath11k: add HE support")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

3b4516838eaa ath11k: avoid null pointer dereference when pointer band is null

-- 
https://patchwork.kernel.org/patch/11328755/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

_______________________________________________
ath11k mailing list
ath11k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath11k