Commit 4e59c7c6 authored by Claire Chang, committed by Greg Kroah-Hartman

ath10k: add missing error handling

[ Upstream commit 4b553f3c ]

In function ath10k_sdio_mbox_rx_alloc() [sdio.c],
ath10k_sdio_mbox_alloc_rx_pkt() is called without handling the error cases.
This will make the driver think the allocation for skb is successful and
try to access the skb. If we enable failslab, the system will easily crash with
a NULL pointer dereference.

Call trace of CONFIG_FAILSLAB:
ath10k_sdio_irq_handler+0x570/0xa88 [ath10k_sdio]
process_sdio_pending_irqs+0x4c/0x174
sdio_run_irqs+0x3c/0x64
sdio_irq_work+0x1c/0x28

Fixes: d96db25d ("ath10k: add initial SDIO support")
Signed-off-by: Claire Chang <tientzu@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent 477c2749
...@@ -602,6 +602,10 @@ static int ath10k_sdio_mbox_rx_alloc(struct ath10k *ar, ...@@ -602,6 +602,10 @@ static int ath10k_sdio_mbox_rx_alloc(struct ath10k *ar,
full_len, full_len,
last_in_bundle, last_in_bundle,
last_in_bundle); last_in_bundle);
if (ret) {
ath10k_warn(ar, "alloc_rx_pkt error %d\n", ret);
goto err;
}
} }
ar_sdio->n_rx_pkts = i; ar_sdio->n_rx_pkts = i;
......
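Review bot: The new `goto err` after the `alloc_rx_pkt` check skips `ar_sdio->n_rx_pkts = i;`, so the `err` label, which is not shown in this hunk, has to release the packets allocated before the failing index without relying on `n_rx_pkts`; please confirm it does, otherwise each failed allocation leaks the earlier skbs. The call trace in the commit message puts this path under `ath10k_sdio_irq_handler`, so under sustained memory pressure the `ath10k_warn()` line can repeat on every interrupt; consider a rate-limited warning, and state in the commit message what value `ret` is expected to carry here so the logged `%d` is interpretable.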