Message ID | 20241126023349.46421-1-zghbqbc@gmail.com |
---|---|
State | Superseded |
Headers | show |
Series | wifi: ath11k: Fix NULL pointer check in ath11k_ce_rx_post_pipe() | expand |
diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..cc9ad014d800 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -324,7 +324,7 @@ static int ath11k_ce_rx_post_pipe(struct ath11k_ce_pipe *pipe) dma_addr_t paddr; int ret = 0; - if (!(pipe->dest_ring || pipe->status_ring)) + if (!(pipe->dest_ring && pipe->status_ring)) return 0; spin_lock_bh(&ab->ce.ce_lock);
Change the OR to AND. The previous code used OR within parentheses to check for NON-NULL pointer on one of pipe->dest_ring and pipe->status_ring. The previous code can not guarantee the pipe->dest_ring pointer is NON-NULL. When certain errors occur, causing pipe->dest_ring to be NULL while pipe->status_ring remains NON-NULL , the subsequent call to ath11k_ce_rx_buf_enqueue_pipe() will access the NULL pointer, resulting in a driver crash. If it is assumed that these two pointers will not become NULL for any reason , then only need to check pipe->dest_ring is or not a NULL pointer, and no need to check NULL pointer on pipe->status_ring. Signed-off-by: Baichuan Qi <zghbqbc@gmail.com> --- drivers/net/wireless/ath/ath11k/ce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)