Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> writes: > On 2/16/21 12:53 AM, Felix Fietkau wrote: >> >> On 2021-02-16 08:03, Kalle Valo wrote: >>> Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> wrote: >>> >>>> ath_tx_process_buffer() references ieee80211_find_sta_by_ifaddr() >>>> return pointer (sta) outside null check. Fix it by moving the code >>>> block under the null check. >>>> >>>> This problem was found while reviewing code to debug RCU warn from >>>> ath10k_wmi_tlv_parse_peer_stats_info() and a subsequent manual audit >>>> of other callers of ieee80211_find_sta_by_ifaddr() that don't hold >>>> RCU read lock. >>>> >>>> Signed-off-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> >>>> Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx> >>> >>> Patch applied to ath-next branch of ath.git, thanks. >>> >>> a56c14bb21b2 ath9k: fix ath_tx_process_buffer() potential null ptr dereference >> I just took another look at this patch, and it is completely bogus. >> Not only does the stated reason not make any sense (sta is simply passed >> to other functions, not dereferenced without checks), but this also >> introduces a horrible memory leak by skipping buffer completion if sta >> is NULL. >> Please drop it, the code is fine as-is. > > A comment describing what you said here might be a good addition to this > comment block though. Shuah, can you send a followup patch which reverts your change and adds the comment? I try to avoid rebasing my trees. -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
