LinuxLists.cc - [PATCH][BUG] rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find

2017-07-30 08:02:34

Subject: [PATCH][BUG] rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter

_rtl_pci_find_adapter fail path will jump to label fail3 for
unsupported adapter types.

However, on course for fail3 there will be call rtl_deinit_core
before rtl_init_core.

For the inclusion of checking pci_iounmap this fail can be moved to
fail2.

Fixes
[ 4.492963] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 4.493067] IP: rtl_deinit_core+0x31/0x90 [rtlwifi]

Signed-off-by: Malcolm Priestley <[email protected]>
Cc: <[email protected]>
---
Although this is the first time I have encounted this bug in 4.13-rc1
there are some historical references so I have included stable.

drivers/net/wireless/realtek/rtlwifi/pci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
index 032b6317690d..08dc8919ef60 100644
--- a/drivers/net/wireless/realtek/rtlwifi/pci.c
+++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
@@ -2257,7 +2257,7 @@ int rtl_pci_probe(struct pci_dev *pdev,
/* find adapter */
if (!_rtl_pci_find_adapter(pdev, hw)) {
err = -ENODEV;
- goto fail3;
+ goto fail2;
}

/* Init IO handler */
@@ -2318,10 +2318,10 @@ int rtl_pci_probe(struct pci_dev *pdev,
pci_set_drvdata(pdev, NULL);
rtl_deinit_core(hw);

+fail2:
if (rtlpriv->io.pci_mem_start != 0)
pci_iounmap(pdev, (void __iomem *)rtlpriv->io.pci_mem_start);

-fail2:
pci_release_regions(pdev);
complete(&rtlpriv->firmware_loading_complete);

--
2.11.0

2017-08-03 09:34:13

by Kalle Valo

[permalink] [raw]

Subject: Re: [BUG] rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter

Malcolm Priestley <[email protected]> wrote:

> _rtl_pci_find_adapter fail path will jump to label fail3 for
> unsupported adapter types.
>
> However, on course for fail3 there will be call rtl_deinit_core
> before rtl_init_core.
>
> For the inclusion of checking pci_iounmap this fail can be moved to
> fail2.
>
> Fixes
> [ 4.492963] BUG: unable to handle kernel NULL pointer dereference at (null)
> [ 4.493067] IP: rtl_deinit_core+0x31/0x90 [rtlwifi]
>
> Signed-off-by: Malcolm Priestley <[email protected]>
> Cc: <[email protected]>

Patch applied to wireless-drivers-next.git, thanks.

fc81bab5eeb1 rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter

--
https://patchwork.kernel.org/patch/9870227/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches