From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8012C76186 for ; Mon, 29 Jul 2019 19:27:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id BA81F21655 for ; Mon, 29 Jul 2019 19:27:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1564428446; bh=/ApC7WM3ufv7cj76sw2mx9VGB3VkdUPDImiuF2fr6S4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=ABKdS7IpOISXm/G3BlMHqfOWPBydFYj07BeYUsmJkxrPIieV9wTny4+fTrkGj39mA cAQZiVqwuybfyFHLJhxTKgT6NniGh4CBglo3S/32I+5A8yvTdOpQ9wCK9yz6DWLpmK 2+4PQqX/aoMngQ12MIzVqsek1cFCXk8J2a7COG+8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729898AbfG2T1Z (ORCPT ); Mon, 29 Jul 2019 15:27:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:39964 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388352AbfG2T1V (ORCPT ); Mon, 29 Jul 2019 15:27:21 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6ECC721655; Mon, 29 Jul 2019 19:27:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1564428440; bh=/ApC7WM3ufv7cj76sw2mx9VGB3VkdUPDImiuF2fr6S4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pUh8Ibggn3bCj/Hfg+zwvsvnSMLv5NvhpdAmQs7/6NKtZBaTejS/CcnZkWGZYfVTH 3X2SxIMA4aV0H7Hj3ZF2gfvfQC5Szk8MyZW95UlESHdVjg40se4ylFCYhPT8Lxj29e DdIm8kHMe1AUERLELauiJS7WQTgBVpnbN1eTXvjs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Claire Chang , Brian Norris , Kalle Valo , Sasha Levin Subject: [PATCH 4.14 077/293] ath10k: add missing error handling Date: Mon, 29 Jul 2019 21:19:28 +0200 Message-Id: <20190729190830.536417774@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190729190820.321094988@linuxfoundation.org> References: <20190729190820.321094988@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit 4b553f3ca4cbde67399aa3a756c37eb92145b8a1 ] In function ath10k_sdio_mbox_rx_alloc() [sdio.c], ath10k_sdio_mbox_alloc_rx_pkt() is called without handling the error cases. This will make the driver think the allocation for skb is successful and try to access the skb. If we enable failslab, system will easily crash with NULL pointer dereferencing. Call trace of CONFIG_FAILSLAB: ath10k_sdio_irq_handler+0x570/0xa88 [ath10k_sdio] process_sdio_pending_irqs+0x4c/0x174 sdio_run_irqs+0x3c/0x64 sdio_irq_work+0x1c/0x28 Fixes: d96db25d2025 ("ath10k: add initial SDIO support") Signed-off-by: Claire Chang Reviewed-by: Brian Norris Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin --- drivers/net/wireless/ath/ath10k/sdio.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/ath/ath10k/sdio.c b/drivers/net/wireless/ath/ath10k/sdio.c index da9dbf3ddaa5..c6440d28ab48 100644 --- a/drivers/net/wireless/ath/ath10k/sdio.c +++ b/drivers/net/wireless/ath/ath10k/sdio.c @@ -610,6 +610,10 @@ static int ath10k_sdio_mbox_rx_alloc(struct ath10k *ar, full_len, last_in_bundle, last_in_bundle); + if (ret) { + ath10k_warn(ar, "alloc_rx_pkt error %d\n", ret); + goto err; + } } ar_sdio->n_rx_pkts = i; -- 2.20.1