Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp10422956ybi; Wed, 24 Jul 2019 22:57:53 -0700 (PDT) X-Google-Smtp-Source: APXvYqwmPOH3PVRDc338z39m5seQZTzmYZ0a0i0Dr5m1wtQ+n8hqyvqkuDqx2C1LGeS7PukXEP/2 X-Received: by 2002:a62:483:: with SMTP id 125mr15404869pfe.245.1564034273077; Wed, 24 Jul 2019 22:57:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564034273; cv=none; d=google.com; s=arc-20160816; b=V3OTOAqDbA6A6a29WAUG+aiVhjZcecECRTOgeWu/jn27gGMushXYccsMss5jK3sfSd qm4X3VmSghl3xVXcWZ0CC5l8gwqNm9uPy0DcXLNh1Y4woGyCnkR5ROdOPwkL/rBE9UDd /RZllDrt+54NYEUvBUI8cI0S8ZkPhnOYlk49ASyHYMS24O+UwCtQNAQGeb47Rac3E7/6 Bj5hXEC8J/nlW+Zv+sRCA1tK0I4yNGhNDDTEglspdzG7JNL2lza0r0k37i/SSMUdw/VM rIjHs28L3TkbAUZloPdWnGmfNP8M/miZUN0A4go6wrxRssRdK3V/RVZhd6V/sKRADKxP zYYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=XaPPIiWUIw+srR38dv7d3glT/IecFwmvq8ytXOoqL14=; b=W1FDxyebX8rROwpQUbtUsNmNzOLYYkE80UqOqdIt4BKjYeV3PucaJHzLGIy/s9WEvP hS5s6fXLndfZURfljZrFcV69rvFz2IY8Co5SvemWyHvTwX3L9IZ6/MsnzNxUAsHBdUPR BGqkJ/390VFt/XoNfjHsv9srlF5HNVdIHOUlKrXBChc6kxWsG6gbP9r94DBo+qFNj2SH qm4wQrqaKCe/GraMeT8udVpbaQ5ju18gzXs53fHXrFoIXROaRWPKS+yIiKiFsK89zpIu YX0geDsJ0AX0/CRmHYxKO9UKwmGsA34uyinYWMSaYXIa2dWL8K1rxnZ1yW40qLTvl+2r P7Pw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=j6a2PUk0; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p5si20549483pfp.64.2019.07.24.22.57.38; Wed, 24 Jul 2019 22:57:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=j6a2PUk0; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404035AbfGYFjU (ORCPT + 99 others); Thu, 25 Jul 2019 01:39:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:53440 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404024AbfGYFjR (ORCPT ); Thu, 25 Jul 2019 01:39:17 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 032DB22BEB; Thu, 25 Jul 2019 05:39:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1564033156; bh=ce7fbfmn7WPQZrn4iqFLfyd9W3lCC9lNzm8irjVWqL8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=j6a2PUk0+0IZJg7x9omC8EZBApbdJ64IrL/H+kYKG4W8g6YBQaVy5TvW6VG5rDBkf 52AfyTDVDoB7muyIcb826szbLQD9NJZ5oDag7wjplZyhlyVVfN3GCifljyMlrK9PB0 32VeGVx/SFo87pzFhsk15cRJMER/eJDhyzAqdDZs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Claire Chang , Brian Norris , Kalle Valo , Sasha Levin Subject: [PATCH 4.19 110/271] ath10k: add missing error handling Date: Wed, 24 Jul 2019 21:19:39 +0200 Message-Id: <20190724191704.631736716@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190724191655.268628197@linuxfoundation.org> References: <20190724191655.268628197@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit 4b553f3ca4cbde67399aa3a756c37eb92145b8a1 ] In function ath10k_sdio_mbox_rx_alloc() [sdio.c], ath10k_sdio_mbox_alloc_rx_pkt() is called without handling the error cases. This will make the driver think the allocation for skb is successful and try to access the skb. If we enable failslab, system will easily crash with NULL pointer dereferencing. Call trace of CONFIG_FAILSLAB: ath10k_sdio_irq_handler+0x570/0xa88 [ath10k_sdio] process_sdio_pending_irqs+0x4c/0x174 sdio_run_irqs+0x3c/0x64 sdio_irq_work+0x1c/0x28 Fixes: d96db25d2025 ("ath10k: add initial SDIO support") Signed-off-by: Claire Chang Reviewed-by: Brian Norris Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin --- drivers/net/wireless/ath/ath10k/sdio.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/ath/ath10k/sdio.c b/drivers/net/wireless/ath/ath10k/sdio.c index 7f61591ce0de..cb527a21f1ac 100644 --- a/drivers/net/wireless/ath/ath10k/sdio.c +++ b/drivers/net/wireless/ath/ath10k/sdio.c @@ -613,6 +613,10 @@ static int ath10k_sdio_mbox_rx_alloc(struct ath10k *ar, full_len, last_in_bundle, last_in_bundle); + if (ret) { + ath10k_warn(ar, "alloc_rx_pkt error %d\n", ret); + goto err; + } } ar_sdio->n_rx_pkts = i; -- 2.20.1