Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx> wrote:
> The previous logic in ath11k_ce_rx_post_pipe() incorrectly required both
> dest_ring and status_ring to be NULL in order to exit the function.
> This caused the function to continue even if only one of the pointers
> was NULL, potentially leading to null pointer dereferences in
> ath11k_ce_rx_buf_enqueue_pipe().
>
> Fix the condition by modifying the logic so that the function returns
> early if either dest_ring or status_ring is NULL.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
> Signed-off-by: Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx>
Jeff, what do you think?
--
https://patchwork.kernel.org/project/linux-wireless/patch/20240909150824.28195-1-m.lobanov@xxxxxxxxxxxx/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
https://docs.kernel.org/process/submitting-patches.html
