From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.2 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA404C433E1 for ; Wed, 24 Mar 2021 16:11:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AEDD661A01 for ; Wed, 24 Mar 2021 16:11:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231944AbhCXQLY (ORCPT ); Wed, 24 Mar 2021 12:11:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43886 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230035AbhCXQLO (ORCPT ); Wed, 24 Mar 2021 12:11:14 -0400 Received: from viti.kaiser.cx (viti.kaiser.cx [IPv6:2a01:238:43fe:e600:cd0c:bd4a:7a3:8e9f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85838C061763 for ; Wed, 24 Mar 2021 09:11:13 -0700 (PDT) Received: from martin by viti.kaiser.cx with local (Exim 4.89) (envelope-from ) id 1lP667-0001Ly-SM; Wed, 24 Mar 2021 17:11:07 +0100 Date: Wed, 24 Mar 2021 17:11:07 +0100 From: Martin Kaiser To: Colin King Cc: Larry Finger , Greg Kroah-Hartman , linux-staging@lists.linux.dev, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH][next] staging: rtl8188eu: Fix null pointer dereference on free_netdev call Message-ID: <20210324161107.m7gbexp4e7e5vf77@viti.kaiser.cx> References: <20210324152135.254152-1-colin.king@canonical.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210324152135.254152-1-colin.king@canonical.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: Martin Kaiser Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello Colin, Thus wrote Colin King (colin.king@canonical.com): > From: Colin Ian King > An unregister_netdev call checks if pnetdev is null, hence a later > call to free_netdev can potentially be passing a null pointer, causing > a null pointer dereference. Avoid this by adding a null pointer check > on pnetdev before calling free_netdev. > Fixes: 1665c8fdffbb ("staging: rtl8188eu: use netdev routines for private data") > Signed-off-by: Colin Ian King > --- > drivers/staging/rtl8188eu/os_dep/usb_intf.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > diff --git a/drivers/staging/rtl8188eu/os_dep/usb_intf.c b/drivers/staging/rtl8188eu/os_dep/usb_intf.c > index 518e9feb3f46..91a3d34a1050 100644 > --- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c > +++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c > @@ -446,7 +446,8 @@ static void rtw_usb_if1_deinit(struct adapter *if1) > pr_debug("+r871xu_dev_remove, hw_init_completed=%d\n", > if1->hw_init_completed); > rtw_free_drv_sw(if1); > - free_netdev(pnetdev); > + if (pnetdev) > + free_netdev(pnetdev); > } > static int rtw_drv_init(struct usb_interface *pusb_intf, const struct usb_device_id *pdid) > -- > 2.30.2 you're right. I removed the NULL check that was part of rtw_free_netdev. Sorry for the mistake and thanks for your fix. Reviewed-by: Martin Kaiser Best regards, Martin