Greg KH <greg@xxxxxxxxx> writes: > On Tue, Jan 25, 2022 at 12:48:45AM +0800, Zhou Qingyang wrote: >> In brcmf_chip_recognition(), the return value of brcmf_chip_add_core() >> is assigned to core and is passed to brcmf_chip_sb_corerev(). In >> brcmf_chip_sb_corerev(), there exists dereference of core without check. >> the return value of brcmf_chip_add_core() could be ERR_PTR on failure of >> allocation, which could lead to a NULL pointer dereference bug. >> >> Fix this bug by adding IS_ERR check for every variable core. >> >> This bug was found by a static analyzer. >> >> Builds with 'make allyesconfig' show no new warnings, >> and our static analyzer no longer warns about this code >> >> Fixes: cb7cf7be9eba ("brcmfmac: make chip related functions host >> interface independent") >> Signed-off-by: Zhou Qingyang <zhou1615@xxxxxxx> >> --- >> The analysis employs differential checking to identify inconsistent >> security operations (e.g., checks or kfrees) between two code paths >> and confirms that the inconsistent operations are not recovered in the >> current function or the callers, so they constitute bugs. >> >> Note that, as a bug found by static analysis, it can be a false >> positive or hard to trigger. Multiple researchers have cross-reviewed >> the bug. > > As stated before, umn.edu is still not allowed to contribute to the > Linux kernel. Please work with your administration to resolve this > issue. Thanks Greg, I didn't notice that this is from umn.edu. After seeing what kind of "research" umn.edu does I will not even look at umn.edu patches, they all will be automatically rejected without comments. -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches