From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Claire Chang <tientzu@chromium.org>,
Brian Norris <briannorris@chromium.org>,
Kalle Valo <kvalo@codeaurora.org>,
Sasha Levin <sashal@kernel.org>,
ath10k@lists.infradead.org, linux-wireless@vger.kernel.org,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.2 163/249] ath10k: add missing error handling
Date: Mon, 15 Jul 2019 09:45:28 -0400 [thread overview]
Message-ID: <20190715134655.4076-163-sashal@kernel.org> (raw)
In-Reply-To: <20190715134655.4076-1-sashal@kernel.org>
From: Claire Chang <tientzu@chromium.org>
[ Upstream commit 4b553f3ca4cbde67399aa3a756c37eb92145b8a1 ]
In function ath10k_sdio_mbox_rx_alloc() [sdio.c],
ath10k_sdio_mbox_alloc_rx_pkt() is called without handling the error cases.
This will make the driver think the allocation for skb is successful and
try to access the skb. If we enable failslab, system will easily crash with
NULL pointer dereferencing.
Call trace of CONFIG_FAILSLAB:
ath10k_sdio_irq_handler+0x570/0xa88 [ath10k_sdio]
process_sdio_pending_irqs+0x4c/0x174
sdio_run_irqs+0x3c/0x64
sdio_irq_work+0x1c/0x28
Fixes: d96db25d2025 ("ath10k: add initial SDIO support")
Signed-off-by: Claire Chang <tientzu@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/sdio.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/ath/ath10k/sdio.c b/drivers/net/wireless/ath/ath10k/sdio.c
index fae56c67766f..73ef3e75d199 100644
--- a/drivers/net/wireless/ath/ath10k/sdio.c
+++ b/drivers/net/wireless/ath/ath10k/sdio.c
@@ -602,6 +602,10 @@ static int ath10k_sdio_mbox_rx_alloc(struct ath10k *ar,
full_len,
last_in_bundle,
last_in_bundle);
+ if (ret) {
+ ath10k_warn(ar, "alloc_rx_pkt error %d\n", ret);
+ goto err;
+ }
}
ar_sdio->n_rx_pkts = i;
--
2.20.1
next prev parent reply other threads:[~2019-07-15 13:56 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-15 13:42 [PATCH AUTOSEL 5.2 001/249] ath10k: Check tx_stats before use it Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 002/249] ath10k: htt: don't use txdone_fifo with SDIO Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 003/249] ath10k: fix incorrect multicast/broadcast rate setting Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 004/249] ath9k: Don't trust TX status TID number when reporting airtime Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 005/249] wil6210: fix potential out-of-bounds read Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 006/249] ath10k: Do not send probe response template for mesh Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 008/249] ath9k: Check for errors when reading SREV register Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 009/249] ath10k: Fix the wrong value of enums for wmi tlv stats id Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 010/249] wil6210: fix missed MISC mbox interrupt Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 011/249] ath6kl: add some bounds checking Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 012/249] ath10k: add peer id check in ath10k_peer_find_by_id Sasha Levin
2019-07-15 13:42 ` [PATCH AUTOSEL 5.2 014/249] wil6210: fix spurious interrupts in 3-msi Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 015/249] ath: DFS JP domain W56 fixed pulse type 3 RADAR detection Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 016/249] ath10k: Fix encoding for protected management frames Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 018/249] batman-adv: fix for leaked TVLV handler Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 024/249] selftests/bpf: adjust verifier scale test Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 027/249] ice: Gracefully handle reset failure in ice_alloc_vfs() Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 030/249] net: stmmac: dwmac1000: Clear unused address entries Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 031/249] net: stmmac: dwmac4/5: " Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 032/249] net: stmmac: Prevent missing interrupts when running NAPI Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 033/249] ice: Fix couple of issues in ice_vsi_release Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 034/249] net: mvpp2: cls: Extract the RSS context when parsing the ethtool rule Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 035/249] net: hns3: initialize CPU reverse mapping Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 036/249] net: hns3: fix for FEC configuration Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 037/249] qed: Set the doorbell address correctly Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 040/249] af_key: fix leaks in key_pol_get_resp and dump_sp Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 041/249] xfrm: Fix xfrm sel prefix length validation Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 047/249] Revert "e1000e: fix cyclic resets at link up with active tx" Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 048/249] e1000e: start network tx queue only when link is up Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 049/249] ice: Check all VFs for MDD activity, don't disable Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 054/249] net: phy: Check against net_device being NULL Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 055/249] net: dsa: sja1105: Fix broken fixed-link interfaces on user ports Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 059/249] batman-adv: Fix duplicated OGMs on NETDEV_UP Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 064/249] net: hns3: add a check to pointer in error_detected and slot_reset Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 065/249] net: hns3: set ops to null when unregister ad_dev Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 072/249] net: stmmac: dwmac4: fix flow control issue Sasha Levin
2019-07-15 13:43 ` [PATCH AUTOSEL 5.2 073/249] net: stmmac: modify default value of tx-frames Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 075/249] net: fec: Do not use netdev messages too early Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 076/249] net: axienet: Fix race condition causing TX hang Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 079/249] net: sfp: add mutex to prevent concurrent state checks Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 080/249] netfilter: ipset: fix a missing check of nla_parse Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 081/249] ipset: Fix memory accounting for hash types on resize Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 085/249] selftests/bpf : clean up feature/ when make clean Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 095/249] bpf: silence warning messages in core Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 104/249] qed: iWARP - Fix tc for MPA ll2 connection Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 105/249] net: hns3: fix for dereferencing before null checking Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 106/249] net: hns3: fix for skb leak when doing selftest Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 107/249] net: hns3: delay ring buffer clearing during reset Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 110/249] xfrm: fix sa selector validation Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 119/249] vhost_net: disable zerocopy by default Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 120/249] iavf: allow null RX descriptors Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 124/249] bpf: fix callees pruning callers Sasha Levin
2019-07-15 13:44 ` [PATCH AUTOSEL 5.2 127/249] net: netsec: initialize tx ring on ndo_open Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 141/249] ipsec: select crypto ciphers for xfrm_algo Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 143/249] ipvs: defer hook registration to avoid leaks Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 156/249] net: stmmac: sun8i: force select external PHY when no internal one Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 157/249] rtlwifi: rtl8192cu: fix error handle when usb probe failed Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 158/249] mt7601u: do not schedule rx_tasklet when the device has been disconnected Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 160/249] mt7601u: fix possible memory leak when the device is disconnected Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 161/249] ipvs: fix tinfo memory leak in start_sync_thread Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 162/249] mt76: mt7615: do not process rx packets if the device is not initialized Sasha Levin
2019-07-15 13:45 ` Sasha Levin [this message]
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 164/249] ath10k: fix fw crash by moving chip reset after napi disabled Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 165/249] ath10k: fix PCIE device wake up failed Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 174/249] netfilter: ctnetlink: Fix regression in conntrack entry deletion Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 175/249] xsk: Properly terminate assignment in xskq_produce_flush_desc Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 177/249] bpf: fix BPF_ALU32 | BPF_ARSH on BE arches Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 180/249] net: hns3: restore the MAC autoneg state after reset Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 181/249] net/mlx5: Get vport ACL namespace by vport index Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 182/249] ixgbe: Check DDM existence in transceiver before access Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 186/249] ath9k: correctly handle short radar pulses Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 187/249] wil6210: drop old event after wmi_call timeout Sasha Levin
2019-07-15 13:45 ` [PATCH AUTOSEL 5.2 189/249] net/mlx5e: Attach/detach XDP program safely Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 199/249] net: hns3: fix a -Wformat-nonliteral compile warning Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 200/249] net: hns3: add some error checking in hclge_tm module Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 201/249] ath10k: Fix memory leak in qmi Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 202/249] ath10k: destroy sdio workqueue while remove sdio module Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 203/249] net: mvpp2: prs: Don't override the sign bit in SRAM parser shift Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 204/249] igb: clear out skb->tstamp after reading the txtime Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 205/249] net: hns3: add Asym Pause support to fix autoneg problem Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 206/249] net: ethernet: ti: cpsw: Assign OF node to slave devices Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 207/249] ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 208/249] iwlwifi: mvm: Drop large non sta frames Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 209/249] bpf: fix uapi bpf_prog_info fields alignment Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 210/249] netfilter: Fix remainder of pseudo-header protocol 0 Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 211/249] iwlwifi: dbg: fix debug monitor stop and restart delays Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 212/249] bnxt_en: Disable bus master during PCI shutdown and driver unload Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 213/249] bnxt_en: Fix statistics context reservation logic for RDMA driver Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 214/249] bnxt_en: Cap the returned MSIX vectors to the " Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 220/249] vxlan: do not destroy fdb if register_netdevice() is failed Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 221/249] bnx2x: Prevent ptp_task to be rescheduled indefinitely Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 222/249] net: usb: asix: init MAC address buffers Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 224/249] libbpf: fix GCC8 warning for strncpy Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 225/249] bpf, libbpf, smatch: Fix potential NULL pointer dereference Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 226/249] selftests: bpf: fix inlines in test_lwt_seg6local Sasha Levin
2019-07-17 9:43 ` Jiri Benc
2019-07-17 23:47 ` Sasha Levin
2019-07-18 7:36 ` Jiri Benc
2019-07-18 18:55 ` David Miller
2019-07-19 7:54 ` Jiri Benc
2019-07-18 19:32 ` Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 227/249] bonding: validate ip header before check IPPROTO_IGMP Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 231/249] tools: bpftool: Fix json dump crash on powerpc Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 232/249] net: hns3: enable broadcast promisc mode when initializing VF Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 233/249] net: hns3: fix port capbility updating issue Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 237/249] Bluetooth: 6lowpan: search for destination address in all peers Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 240/249] Bluetooth: Check state in l2cap_disconnect_rsp Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 241/249] Bluetooth: hidp: NUL terminate a string in the compat ioctl Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 242/249] gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 243/249] Bluetooth: validate BLE connection interval updates Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 244/249] gtp: fix suspicious RCU usage Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 245/249] gtp: fix Illegal context switch in RCU read-side critical section Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 246/249] gtp: fix use-after-free in gtp_encap_destroy() Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 247/249] gtp: fix use-after-free in gtp_newlink() Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 248/249] xdp: fix race on generic receive path Sasha Levin
2019-07-15 13:46 ` [PATCH AUTOSEL 5.2 249/249] net: mvmdio: defer probe of orion-mdio if a clock is not ready Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190715134655.4076-163-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ath10k@lists.infradead.org \
--cc=briannorris@chromium.org \
--cc=kvalo@codeaurora.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tientzu@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).