Message ID | 20230227144823.947648-1-void0red@gmail.com |
---|---|
State | New |
Headers | show |
Series | [v3] wifi: mt76: handle failure of vzalloc in mt7615_coredump_work | expand |
On Mon, Feb 27, 2023 at 10:48:23PM +0800, void0red wrote: > From: Kang Chen <void0red@gmail.com> > > vzalloc may fails, dump might be null and will cause > illegal address access later. > > Link: https://lore.kernel.org/all/Y%2Fy5Asxw3T3m4jCw@lore-desk > Fixes: d2bf7959d9c0 ("mt76: mt7663: introduce coredump support") > Signed-off-by: Kang Chen <void0red@gmail.com> Reviewed-by: Simon Horman <simon.horman@corigine.com>
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c index a95602473..796768011 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c +++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c @@ -2380,7 +2380,7 @@ void mt7615_coredump_work(struct work_struct *work) break; skb_pull(skb, sizeof(struct mt7615_mcu_rxd)); - if (data + skb->len - dump > MT76_CONNAC_COREDUMP_SZ) { + if (!dump || data + skb->len - dump > MT76_CONNAC_COREDUMP_SZ) { dev_kfree_skb(skb); continue; } @@ -2390,6 +2390,8 @@ void mt7615_coredump_work(struct work_struct *work) dev_kfree_skb(skb); } - dev_coredumpv(dev->mt76.dev, dump, MT76_CONNAC_COREDUMP_SZ, - GFP_KERNEL); + + if (dump) + dev_coredumpv(dev->mt76.dev, dump, MT76_CONNAC_COREDUMP_SZ, + GFP_KERNEL); }