Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp3980356ybi; Mon, 29 Jul 2019 16:46:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqy1NOafw9VMDFJ2RtuznoEv0Bi9Fq8eYZ5QGen95z8u8sofqNrdUp6svACZRPsvl5+beQkI X-Received: by 2002:a62:f202:: with SMTP id m2mr40290095pfh.6.1564444007658; Mon, 29 Jul 2019 16:46:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564444007; cv=none; d=google.com; s=arc-20160816; b=YcrISp38LQVtK1km8JLCr0jCeh9xtc4jLhYkljkN3X4KohRT7hxeLRer5YfizGjfw1 a7d9bRJLXROF5JiSRFE4IcQ8L/Ebmmb/YTZqq2yp6RbrVmEwhlR2KFTLrdhn8T9Fu8zQ 8aUBbhZigzM2UTPXljvRoCyhTKCiAwr1IhCQfU+wB6I7Lgu8a6a8JYCFxr7RYP3KBpf5 2fGV7je5zLXhzwhOzXCzkjL7RDQwytHA4WMPTN3cUkESsqhysOtLKmQEC0y+CThWJxuH +hN6SxMVP7p6xZaDTeNSXBNZ439B/03QadTOQ4UYPAzfN+EtlAEZ5X+lJm3+otZOSsbT IgxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=JuHJb9uDmc9aN3jWrTjJ4nIE5+npGFezhkHacGtlago=; b=ZXR1gZ5V58bY8434D4ByNaAo4J1rf08Vdevu0ZcsqZm+A34BhZsdO4v4XDJj+WTUe2 GGtLzzsQB2p8tm0MUAdWOUScAT5rG35eHXr888fgjzbY/emsbK7jC1/XNDkLf+P+xoyC 3nQUZAm0PbA0DeeevycVDhSQovCqBnm1vnyGaB7ntYIRAO3H/Uf+lRhN3Rv8t0a+ZH1V CLdwunHVoAmedPKNoGyFXgat6JWUkg01ESuw7UgPzSW8u+QWNVgBKGZ+izryQ9sLc054 4T1ilCSTNgBZn8RpxYPoIrfK9aHsnh/4/XIHH+AyZXN9qHhbTlvFT/FUU44qA/wtCIpK PzjQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=pUh8Ibgg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r15si27237144pgj.71.2019.07.29.16.46.32; Mon, 29 Jul 2019 16:46:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=pUh8Ibgg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728515AbfG2T1Y (ORCPT + 99 others); Mon, 29 Jul 2019 15:27:24 -0400 Received: from mail.kernel.org ([198.145.29.99]:39964 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388352AbfG2T1V (ORCPT ); Mon, 29 Jul 2019 15:27:21 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6ECC721655; Mon, 29 Jul 2019 19:27:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1564428440; bh=/ApC7WM3ufv7cj76sw2mx9VGB3VkdUPDImiuF2fr6S4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pUh8Ibggn3bCj/Hfg+zwvsvnSMLv5NvhpdAmQs7/6NKtZBaTejS/CcnZkWGZYfVTH 3X2SxIMA4aV0H7Hj3ZF2gfvfQC5Szk8MyZW95UlESHdVjg40se4ylFCYhPT8Lxj29e DdIm8kHMe1AUERLELauiJS7WQTgBVpnbN1eTXvjs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Claire Chang , Brian Norris , Kalle Valo , Sasha Levin Subject: [PATCH 4.14 077/293] ath10k: add missing error handling Date: Mon, 29 Jul 2019 21:19:28 +0200 Message-Id: <20190729190830.536417774@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190729190820.321094988@linuxfoundation.org> References: <20190729190820.321094988@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit 4b553f3ca4cbde67399aa3a756c37eb92145b8a1 ] In function ath10k_sdio_mbox_rx_alloc() [sdio.c], ath10k_sdio_mbox_alloc_rx_pkt() is called without handling the error cases. This will make the driver think the allocation for skb is successful and try to access the skb. If we enable failslab, system will easily crash with NULL pointer dereferencing. Call trace of CONFIG_FAILSLAB: ath10k_sdio_irq_handler+0x570/0xa88 [ath10k_sdio] process_sdio_pending_irqs+0x4c/0x174 sdio_run_irqs+0x3c/0x64 sdio_irq_work+0x1c/0x28 Fixes: d96db25d2025 ("ath10k: add initial SDIO support") Signed-off-by: Claire Chang Reviewed-by: Brian Norris Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin --- drivers/net/wireless/ath/ath10k/sdio.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/ath/ath10k/sdio.c b/drivers/net/wireless/ath/ath10k/sdio.c index da9dbf3ddaa5..c6440d28ab48 100644 --- a/drivers/net/wireless/ath/ath10k/sdio.c +++ b/drivers/net/wireless/ath/ath10k/sdio.c @@ -610,6 +610,10 @@ static int ath10k_sdio_mbox_rx_alloc(struct ath10k *ar, full_len, last_in_bundle, last_in_bundle); + if (ret) { + ath10k_warn(ar, "alloc_rx_pkt error %d\n", ret); + goto err; + } } ar_sdio->n_rx_pkts = i; -- 2.20.1