From: Felix Fietkau
To: Kalle Valo, Shuah Khan
Cc: davem@davemloft.net, kuba@kernel.org, ath9k-devel@qca.qualcomm.com, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] ath9k: fix ath_tx_process_buffer() potential null ptr dereference
Date: Tue, 16 Feb 2021 08:53:51 +0100
Message-ID: <0fd9a538-e269-e10e-a7f9-02d4c5848420@nbd.name>
In-Reply-To: <20210216070336.D138BC43463@smtp.codeaurora.org>
References: <43ed9abb9e8d7112f3cc168c2f8c489e253635ba.1613090339.git.skhan@linuxfoundation.org> <20210216070336.D138BC43463@smtp.codeaurora.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2021-02-16 08:03, Kalle Valo wrote:
> Shuah Khan wrote:
>
>> ath_tx_process_buffer() references ieee80211_find_sta_by_ifaddr()
>> return pointer (sta) outside null check. Fix it by moving the code
>> block under the null check.
>>
>> This problem was found while reviewing code to debug RCU warn from
>> ath10k_wmi_tlv_parse_peer_stats_info() and a subsequent manual audit
>> of other callers of ieee80211_find_sta_by_ifaddr() that don't hold
>> RCU read lock.
>>
>> Signed-off-by: Shuah Khan
>> Signed-off-by: Kalle Valo
>
> Patch applied to ath-next branch of ath.git, thanks.
>
> a56c14bb21b2 ath9k: fix ath_tx_process_buffer() potential null ptr dereference

I just took another look at this patch, and it is completely bogus.
Not only does the stated reason not make any sense (sta is simply passed
to other functions, not dereferenced without checks), but this also
introduces a horrible memory leak by skipping buffer completion if sta
is NULL.
Please drop it, the code is fine as-is.

- Felix
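
The failure mode described in the reply above, as an added example that is not part of the original message and is not ath9k code: a simplified model in which buffer completion is either always run or moved under the NULL check. All names and the fixed-size pool are hypothetical, chosen so the leak shows up as pool exhaustion.

```c
#include <stdio.h>
/* Simplified model, not ath9k code: every name here is hypothetical. */
struct sta { int tx_done; };            /* stands in for a station entry */
struct buf { int in_use; };             /* stands in for a queued TX buffer */
#define POOL_SIZE 8
static struct buf pool[POOL_SIZE];      /* fixed pool: a leak shows as exhaustion */

static struct buf *buf_get(void)
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;                        /* pool exhausted */
}

/* Completion tolerates a missing station: it does the NULL check itself. */
static void complete_buf(struct sta *sta, struct buf *b)
{
    if (sta)
        sta->tx_done++;                 /* per-station accounting is optional */
    b->in_use = 0;                      /* returning the buffer is not */
}

/* Shape the reply calls fine: sta is only passed on, completion always runs. */
static void process_always(struct sta *sta, struct buf *b) { complete_buf(sta, b); }

/* Shape the reply objects to: completion moved under the NULL check. */
static void process_guarded(struct sta *sta, struct buf *b)
{
    if (sta)
        complete_buf(sta, b);           /* sta == NULL: b is never returned */
}

/* Send n frames with no station found; return how many could not get a buffer. */
int dropped_frames(void (*process)(struct sta *, struct buf *), int n)
{
    int dropped = 0;
    for (int i = 0; i < POOL_SIZE; i++)
        pool[i].in_use = 0;             /* start each run from an empty pool */
    for (int i = 0; i < n; i++) {
        struct buf *b = buf_get();
        if (b) process(NULL, b); else dropped++;
    }
    return dropped;
}

int main(void)
{
    printf("dropped: always=%d guarded=%d\n",
           dropped_frames(process_always, 20), dropped_frames(process_guarded, 20));
    return 0;
}
```

In the guarded variant the first eight buffers are never returned, so every later frame fails to get one.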