
Re: [PATCH v1] wifi: mt76: mt7615: fix null pointer dereference bug




> Function mt7615_coredump_work will call vzalloc to allocate a large amount
> of memory space, the size of which is 1300KB. There should be a null
> pointer check after vzalloc. Otherwise, when the memory allocation fails
> and returns NULL, the function will cause a kernel crash.
> 
> Fixes: de791098459d ("wifi: mt76: mt7615: fix null pointer dereference bug")
> Signed-off-by: Sicong Huang <congei42@xxxxxxx>
> ---
>  drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
> index 7ba789834e8d..04eb52904520 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
> +++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
> @@ -2341,6 +2341,9 @@ void mt7615_coredump_work(struct work_struct *work)
>  	}
>  
>  	dump = vzalloc(MT76_CONNAC_COREDUMP_SZ);
> +	if(!dump)
> +		return;
> +
>  	data = dump;
>  
>  	while (true) {
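
Review bot: The early return added right after `dump = vzalloc(MT76_CONNAC_COREDUMP_SZ);` skips the `while (true)` loop that follows, so on allocation failure nothing after this point in the function runs. If that loop already tolerates a NULL `dump` and is what flushes the queued messages, as the reply in this thread states, the return removes that cleanup instead of preventing a crash. Please either show where `dump` is dereferenced without a check, or drop the early return and rely on the check in the loop. Separately, `if(!dump)` needs a space after `if` to match kernel coding style: `if (!dump)`.
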
> -- 
> 2.34.1

I guess the kernel will not crash here since we check the dump pointer in the
while loop; we will just flush the msg_list queue.

Regards,
Lorenzo
