android_kernel_samsung_sm8650/drivers/net
Lorenzo Bianconi f5ac749a0b wifi: mt76: do not run mt76u_status_worker if the device is not running
[ Upstream commit bd5dac7ced5a7c9faa4dc468ac9560c3256df845 ]

Fix the following NULL pointer dereference avoiding to run
mt76u_status_worker thread if the device is not running yet.

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 98 Comm: kworker/u2:2 Not tainted 5.14.0+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
Workqueue: mt76 mt76u_tx_status_data
RIP: 0010:mt76x02_mac_fill_tx_status.isra.0+0x82c/0x9e0
Code: c5 48 b8 00 00 00 00 00 fc ff df 80 3c 02 00 0f 85 94 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 34 24 4c 89 f2 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 89 01 00 00 41 8b 16 41 0f b7
RSP: 0018:ffffc900005af988 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffc900005afae8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff832fc661 RDI: ffffc900005afc2a
RBP: ffffc900005afae0 R08: 0000000000000001 R09: fffff520000b5f3c
R10: 0000000000000003 R11: fffff520000b5f3b R12: ffff88810b6132d8
R13: 000000000000ffff R14: 0000000000000000 R15: ffffc900005afc28
FS:  0000000000000000(0000) GS:ffff88811aa00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa0eda6a000 CR3: 0000000118f17000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
 mt76x02_send_tx_status+0x1d2/0xeb0
 mt76x02_tx_status_data+0x8e/0xd0
 mt76u_tx_status_data+0xe1/0x240
 process_one_work+0x92b/0x1460
 worker_thread+0x95/0xe00
 kthread+0x3a1/0x480
 ret_from_fork+0x1f/0x30
Modules linked in:
--[ end trace 8df5d20fc5040f65 ]--
RIP: 0010:mt76x02_mac_fill_tx_status.isra.0+0x82c/0x9e0
Code: c5 48 b8 00 00 00 00 00 fc ff df 80 3c 02 00 0f 85 94 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 34 24 4c 89 f2 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 89 01 00 00 41 8b 16 41 0f b7
RSP: 0018:ffffc900005af988 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffc900005afae8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff832fc661 RDI: ffffc900005afc2a
RBP: ffffc900005afae0 R08: 0000000000000001 R09: fffff520000b5f3c
R10: 0000000000000003 R11: fffff520000b5f3b R12: ffff88810b6132d8
R13: 000000000000ffff R14: 0000000000000000 R15: ffffc900005afc28
FS:  0000000000000000(0000) GS:ffff88811aa00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa0eda6a000 CR3: 0000000118f17000 CR4: 0000000000750ef0
PKRU: 55555554

Moreover move stat_work schedule out of the for loop.

Reported-by: Dokyung Song <dokyungs@yonsei.ac.kr>
Co-developed-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Deren Wu <deren.wu@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-31 13:33:04 +01:00
appletalk
arcnet arcnet: fix potential memory leak in com20020_probe() 2022-11-23 12:41:54 +00:00
bonding bonding: do failover when high prio link up 2022-12-31 13:32:53 +01:00
caif
can can: tcan4x5x: Fix use of register error status mask 2022-12-31 13:32:27 +01:00
dsa net: dsa: microchip: remove IRQF_TRIGGER_FALLING in request_threaded_irq 2022-12-31 13:32:56 +01:00
ethernet net: ethernet: mtk_eth_soc: drop packets to WDMA if the ring is full 2022-12-31 13:33:02 +01:00
fddi net: defxx: Fix missing err handling in dfx_init() 2022-12-31 13:32:26 +01:00
fjes net: drop the weight argument from netif_napi_add 2022-09-28 18:57:14 -07:00
hamradio hamradio: baycom_epp: Fix return type of baycom_send_packet() 2022-12-31 13:33:00 +01:00
hippi net: hippi: Add missing pci_disable_device() in rr_init_one() 2022-09-26 13:22:39 -07:00
hyperv net: hv_netvsc: Fix a warning triggered by memcpy in rndis_filter 2022-10-15 11:09:53 +01:00
ieee802154 ca8210: Fix crash by zero initializing data 2022-11-29 14:56:05 +01:00
ipa net: ipa: don't configure IDLE_INDICATION on v3.1 2022-10-25 19:49:13 -07:00
ipvlan ipvlan: hold lower dev to avoid possible use-after-free 2022-11-18 10:39:22 +00:00
mctp mctp: serial: Fix starting value for frame check sequence 2022-12-31 13:32:56 +01:00
mdio net: mdio: fix unbalanced fwnode reference count in mdio_device_release() 2022-12-06 12:50:00 +01:00
netdevsim netdevsim: Fix memory leak of nsim_dev->fa_cookie 2022-11-16 12:20:57 -08:00
pcs net: pcs: add new PCS driver for altera TSE PCS 2022-09-05 10:16:53 +01:00
phy net: phy: mxl-gpy: add MDINT workaround 2022-12-07 20:04:11 -08:00
plip net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() 2022-12-07 20:10:47 -08:00
ppp ppp: associate skb with a device at tx 2022-12-31 13:33:02 +01:00
pse-pd net: pse-pd: PSE_REGULATOR should depend on REGULATOR 2022-10-05 20:32:28 -07:00
slip
team Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-22 13:02:10 -07:00
usb net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP 2022-11-23 13:46:42 +00:00
vmxnet3 vmxnet3: use correct intrConf reference when using extended queues 2022-12-02 10:30:07 +00:00
vxlan net: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:07 -07:00
wan net: farsync: Fix kmemleak when rmmods farsync 2022-12-31 13:32:26 +01:00
wireguard treewide: use get_random_bytes() when possible 2022-10-11 17:42:58 -06:00
wireless wifi: mt76: do not run mt76u_status_worker if the device is not running 2022-12-31 13:33:04 +01:00
wwan net: wwan: iosm: fix memory leak in ipc_mux_init() 2022-12-06 11:39:35 +01:00
xen-netback xen/netback: fix build warning 2022-12-07 16:03:21 +01:00
amt.c
bareudp.c
dummy.c net: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:07 -07:00
eql.c
geneve.c net: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:07 -07:00
gtp.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
ifb.c
Kconfig - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in 2022-10-10 17:53:04 -07:00
LICENSE.SRC
loopback.c net: loopback: use NET_NAME_PREDICTABLE for name_assign_type 2022-11-25 09:39:05 +00:00
macsec.c net: macsec: fix net device access prior to holding a lock 2022-12-31 13:32:53 +01:00
macvlan.c net: macvlan: Use built-in RCU list checking 2022-11-14 10:50:02 +00:00
macvtap.c net: macvtap: add __init/__exit annotations to module init/exit funcs 2022-09-21 18:22:30 -07:00
Makefile net: add framework to support Ethernet PSE and PDs devices 2022-10-03 17:33:56 -07:00
mdio.c
mhi_net.c net: mhi: Fix memory leak in mhi_net_dellink() 2022-11-14 11:21:02 +00:00
mii.c
net_failover.c net: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:07 -07:00
netconsole.c net: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:07 -07:00
nlmon.c
ntb_netdev.c ntb_netdev: Use dev_kfree_skb_any() in interrupt context 2022-12-31 13:32:28 +01:00
rionet.c net: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:07 -07:00
sb1000.c
Space.c net: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:07 -07:00
sungem_phy.c
tap.c
thunderbolt.c net: thunderbolt: fix memory leak in tbnet_open() 2022-12-08 09:07:37 -08:00
tun.c net: tun: Fix use-after-free in tun_detach() 2022-11-29 12:14:15 +01:00
veth.c net: drop the weight argument from netif_napi_add 2022-09-28 18:57:14 -07:00
virtio_net.c virtio_net: Fix probe failed when modprobe virtio_net 2022-11-24 09:26:35 +01:00
vrf.c net: move from strlcpy with unused retval to strscpy 2022-08-31 14:11:07 -07:00
vsockmon.c
xen-netfront.c xen-netfront: Fix NULL sring after live migration 2022-12-05 11:35:29 +00:00