| Message ID | 20241126023349.46421-1-zghbqbc@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Delegated to: | Kalle Valo |
| Headers | show |
| Series | wifi: ath11k: Fix NULL pointer check in ath11k_ce_rx_post_pipe() | expand |
> Change the OR to AND. > The previous code … I would appreciate further improvements for the change description. * How do you think about to add any tags (like “Fixes” and “Cc”) accordingly? https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.12#n145 * See also: https://lore.kernel.org/all/?q=%22This+looks+like+a+new+version+of+a+previously+submitted+patch%22 … > +++ b/drivers/net/wireless/ath/ath11k/ce.c > @@ -324,7 +324,7 @@ static int ath11k_ce_rx_post_pipe(struct ath11k_ce_pipe *pipe) > dma_addr_t paddr; > int ret = 0; > > - if (!(pipe->dest_ring || pipe->status_ring)) > + if (!(pipe->dest_ring && pipe->status_ring)) > return 0; … Is there a need to reconsider also such a return value? Regards, Markus
diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..cc9ad014d800 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -324,7 +324,7 @@ static int ath11k_ce_rx_post_pipe(struct ath11k_ce_pipe *pipe) dma_addr_t paddr; int ret = 0; - if (!(pipe->dest_ring || pipe->status_ring)) + if (!(pipe->dest_ring && pipe->status_ring)) return 0; spin_lock_bh(&ab->ce.ce_lock);
Change the OR to AND. The previous code used OR within parentheses to check for NON-NULL pointer on one of pipe->dest_ring and pipe->status_ring. The previous code can not guarantee the pipe->dest_ring pointer is NON-NULL. When certain errors occur, causing pipe->dest_ring to be NULL while pipe->status_ring remains NON-NULL , the subsequent call to ath11k_ce_rx_buf_enqueue_pipe() will access the NULL pointer, resulting in a driver crash. If it is assumed that these two pointers will not become NULL for any reason , then only need to check pipe->dest_ring is or not a NULL pointer, and no need to check NULL pointer on pipe->status_ring. Signed-off-by: Baichuan Qi <zghbqbc@gmail.com> --- drivers/net/wireless/ath/ath11k/ce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)