On Wed, Nov 27, 2024 at 05:32:41AM +0000, Ping-Ke Shih wrote:
> Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxx> wrote:
> > Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global
> > list of private data structures.
> >
> > Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match
> > vendor version 2013.02.07") started adding the private data to that list at
> > probe time and added a hook, check_buddy_priv to find the private data from
> > a similar device.
> >
> > However, that function was never used.
> >
> > Besides, though there is a lock for that list, it is never used. And when
> > the probe fails, the private data is never removed from the list. This
> > would cause a second probe to access freed memory.
> >
> > Remove the unused hook, structures and members, which will prevent the
> > potential race condition on the list and its corruption during a second
> > probe when probe fails.
> >
> > Fixes: 26634c4b1868 ("rtlwifi Modify existing bits to match vendor version 2013.02.07")
>
> This is a cleanup patch, so I don't think we need a strong Fixes tag.
>
>
Well, there is a real bug here. Since the private data is not removed in
the probe error path, a second probe leads to the corruption of the list.
But since that list is not used for anything useful (the check_buddy_priv
is removed as part of this patch as it was never used), instead of adding
the list removal in the error path, we simply remove the entire list.
Thanks.
Cascardo.
