From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Xingyuan Mo, Jeff Johnson, Kalle Valo, Sasha Levin
Subject: [PATCH 6.1 083/451] wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
Date: Sun, 24 Mar 2024 19:05:59 -0400
Message-ID: <20240324231207.1351418-84-sashal@kernel.org>
In-Reply-To: <20240324231207.1351418-1-sashal@kernel.org>
References: <20240324231207.1351418-1-sashal@kernel.org>

From: Xingyuan Mo

[ Upstream commit ad25ee36f00172f7d53242dc77c69fff7ced0755 ]

We should check whether the WMI_TLV_TAG_STRUCT_MGMT_TX_COMPL_EVENT tlv is
present before accessing it, otherwise a null pointer dereference error will
occur.

Fixes: dc405152bb64 ("ath10k: handle mgmt tx completion event")
Signed-off-by: Xingyuan Mo
Acked-by: Jeff Johnson
Signed-off-by: Kalle Valo
Link: https://msgid.link/20231208043433.271449-1-hdthky0@gmail.com
Signed-off-by: Sasha Levin
--- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c b/drivers/net/wireless/ath/ath10k/wmi-tlv.c index 876410a47d1d2..4d5009604eee7 100644 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c @@ -844,6 +844,10 @@ ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev(struct ath10k *ar, struct sk_buff *skb, } ev = tb[WMI_TLV_TAG_STRUCT_MGMT_TX_COMPL_EVENT]; + if (!ev) { + kfree(tb); + return -EPROTO; + } arg->desc_id = ev->desc_id; arg->status = ev->status; -- 2.43.0
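
Review bot: the new "if (!ev)" test after "ev = tb[WMI_TLV_TAG_STRUCT_MGMT_TX_COMPL_EVENT]" only establishes that the tag is present; the reads of ev->desc_id and ev->status that follow still assume the TLV payload is at least as large as the event structure, and nothing in the visible lines shows that length being checked. Since the event contents come from firmware, it is worth confirming that whatever fills tb enforces a minimum length for this tag, and noting that in the commit message. The early return also frees tb by hand; if the function has further exits after this point, a shared cleanup label would keep the kfree(tb) calls from drifting apart as the function changes.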