| Message ID | 1561056973-32524-1-git-send-email-periyasa@codeaurora.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | f1df70c948f44ae4f1bec01114920c0520e752c8 |
| Delegated to: | Kalle Valo |
| Headers | show |
| Series | ath11k: fix invalid memory access | expand |
Karthikeyan Periyasamy <periyasa@codeaurora.org> wrote: > dp_reo_cache_flush_elem element get dynamically allocated with invalid size > which leads to the access of unallocated memory region or memory corruption. > Fix this bug by allocate with dp_reo_cache_flush_elem structure size. > > Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org> > Signed-off-by: Kalle Valo <kvalo@codeaurora.org> 11 patches applied to ath11k-bringup branch of ath.git, thanks. f1df70c948f4 ath11k: fix invalid memory access 3213345e51fc ath11k: Remove unnecessary whitespaces 9d18a5b1d777 ath11k: Avoid blank lines related warning e3b79f9ec2a4 ath11k: Avoid space related warning dcc1fd37c6dd ath11k: Fix Alignment should match open parenthesis warning d2b20789808d ath11k: Fix misspelled warnings e4e738f422d4 ath11k: fix unnecessary brace warnings 61bfed886e93 ath11k: fix Block comments warnings 1e9c09edaba3 ath11k: fix SPDX comment style warnings 6a82b2e7f17e ath11k: fix return statements on void function warnings ff1effad0d9b ath11k: fix string split across warnings
Kalle Valo <kvalo@codeaurora.org> writes: > Karthikeyan Periyasamy <periyasa@codeaurora.org> wrote: > >> dp_reo_cache_flush_elem element get dynamically allocated with invalid size >> which leads to the access of unallocated memory region or memory corruption. >> Fix this bug by allocate with dp_reo_cache_flush_elem structure size. >> >> Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org> >> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> > > 11 patches applied to ath11k-bringup branch of ath.git, thanks. > > f1df70c948f4 ath11k: fix invalid memory access > 3213345e51fc ath11k: Remove unnecessary whitespaces > 9d18a5b1d777 ath11k: Avoid blank lines related warning > e3b79f9ec2a4 ath11k: Avoid space related warning > dcc1fd37c6dd ath11k: Fix Alignment should match open parenthesis warning > d2b20789808d ath11k: Fix misspelled warnings > e4e738f422d4 ath11k: fix unnecessary brace warnings > 61bfed886e93 ath11k: fix Block comments warnings > 1e9c09edaba3 ath11k: fix SPDX comment style warnings > 6a82b2e7f17e ath11k: fix return statements on void function warnings > ff1effad0d9b ath11k: fix string split across warnings BTW, you could have put all these checkpatch cleanup patches into one patchset (ie. one patcheset with 11 patches). Easier to manage them that way. If the patches are somehow related it's usually a good idea to combine them to the same patchset.
diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c index 7654f9a..c64beb5 100644 --- a/drivers/net/wireless/ath/ath11k/dp_rx.c +++ b/drivers/net/wireless/ath/ath11k/dp_rx.c @@ -568,7 +568,7 @@ static void ath11k_dp_rx_tid_del_func(struct ath11k_dp *dp, void *ctx, return; } - elem = kzalloc(sizeof(elem), GFP_ATOMIC); + elem = kzalloc(sizeof(*elem), GFP_ATOMIC); if (!elem) { ath11k_warn(ab, "failed to allocate memory for cache flush element\n"); goto free_desc;
dp_reo_cache_flush_elem element get dynamically allocated with invalid size which leads to the access of unallocated memory region or memory corruption. Fix this bug by allocate with dp_reo_cache_flush_elem structure size. Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org> --- drivers/net/wireless/ath/ath11k/dp_rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)