On Tue, 18 Apr 2023 07:29:18 -0700
Nikita Zhandarovich <[email protected]> wrote:
> Since second call of ssb_get_devtypedata() may fail as well as the
> first one, the NULL return value in 'wl' will be later dereferenced in
> calls to b43legacy_one_core_attach() and schedule_work().
No, the second call can't fail, because b43legacy_wireless_init() will
always initialize it before returning 0.
> a/drivers/net/wireless/broadcom/b43legacy/main.c +++
> b/drivers/net/wireless/broadcom/b43legacy/main.c @@ -3857,7 +3857,11
> @@ static int b43legacy_probe(struct ssb_device *dev, if (err)
> goto out;
> wl = ssb_get_devtypedata(dev);
> - B43legacy_WARN_ON(!wl);
> + if (!wl) {
> + B43legacy_WARN_ON(!wl);
> + err = -ENODEV;
> + goto out;
And the 'goto out' would be the wrong error recovery path, too.
> + }
> }
> err = b43legacy_one_core_attach(dev, wl);
> if (err)
Nack.
Please drop this patch. The code is correct as-is.
--
Michael Büsch
https://bues.ch/