Message ID | 6206228d.bdee.18f72609cf4.Coremail.congei42@163.com |
---|---|
State | Superseded |
Series | [v1] wifi: mt76: mt7615: fix null pointer dereference bug |
> Function mt7615_coredump_work will call vzalloc to allocate a large amount > of memory space, the size of which is 1300KB. There should be a null > pointer check after vzalloc. Otherwise, when the memory allocation fails > and returns NULL, the function will cause kernel crash. > > Fixes: de791098459d ("wifi: mt76: mt7615: fix null pointer dereference bug") > Signed-off-by: Sicong Huang <congei42@163.com> > --- > drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c > index 7ba789834e8d..04eb52904520 100644 > --- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c > +++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c > @@ -2341,6 +2341,9 @@ void mt7615_coredump_work(struct work_struct *work) > } > > dump = vzalloc(MT76_CONNAC_COREDUMP_SZ); > + if(!dump) > + return; > + > data = dump; > > while (true) { > -- > 2.34.1 I guess the kernel will not crash here since we check the dump pointer in the while loop, we will just flush the msg_list queue. Regards, Lorenzo
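The reply's point about the in-loop check, shown in a simplified userspace model (an added example, not code from the mt76 driver or from either participant). `struct queue`, `push`, `pending`, `collect` and `DUMP_SZ` are hypothetical names, and passing `dump == NULL` stands in for a failed allocation.

```c
#include <stdlib.h>
#include <string.h>
#define DUMP_SZ 64                    /* constructed size, not the driver's */
struct msg { struct msg *next; size_t len; char data[16]; };
struct queue { struct msg *head; };   /* hypothetical stand-in for msg_list */

static void push(struct queue *q, const char *s) {
    struct msg *m = calloc(1, sizeof(*m));
    if (!m)
        return;
    m->len = strlen(s);               /* constructed samples stay < 16 bytes */
    memcpy(m->data, s, m->len);
    m->next = q->head;                /* prepend: newest message first */
    q->head = m;
}

static size_t pending(const struct queue *q) {
    size_t n = 0;
    for (const struct msg *m = q->head; m; m = m->next)
        n++;
    return n;
}

/* dump == NULL models a failed allocation. Returns bytes copied. */
static size_t collect(struct queue *q, char *dump, int early_return) {
    size_t used = 0;
    struct msg *m;
    if (early_return && !dump)
        return 0;                     /* queue is left exactly as it was */
    while ((m = q->head) != NULL) {
        q->head = m->next;
        /* In-loop guard: no buffer or no room means drop, keep draining. */
        if (dump && used + m->len <= DUMP_SZ) {
            memcpy(dump + used, m->data, m->len);
            used += m->len;
        }
        free(m);
    }
    return used;
}

int main(void) {
    struct queue q = { NULL };
    push(&q, "frag-a");
    push(&q, "frag-b");
    collect(&q, NULL, 1);             /* early return: both still queued */
    collect(&q, NULL, 0);             /* in-loop check: queue drained */
    return (int)pending(&q);          /* 0 once drained */
}
```

In this model neither variant dereferences the NULL buffer; the difference is only whether the queued messages are consumed and freed.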
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c index 7ba789834e8d..04eb52904520 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c +++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c @@ -2341,6 +2341,9 @@ void mt7615_coredump_work(struct work_struct *work) } dump = vzalloc(MT76_CONNAC_COREDUMP_SZ); + if(!dump) + return; + data = dump; while (true) {
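Review bot: the early `return` added right after `dump = vzalloc(MT76_CONNAC_COREDUMP_SZ);` skips the `while (true)` loop entirely, and per the reply in this thread that loop already checks the dump pointer and is what flushes the msg_list queue, so on allocation failure this path would leave the queue unflushed. If the in-loop check already covers the NULL case, the hunk is not needed; if a dedicated failure path is still wanted, it should flush the queue before returning. On style, `if(!dump)` needs a space after `if`, i.e. `if (!dump)`. The Fixes: tag also quotes this patch's own subject line, so it should be checked that it points at the commit that introduced the unchecked allocation.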
Function mt7615_coredump_work will call vzalloc to allocate a large amount of memory space, the size of which is 1300KB. There should be a null pointer check after vzalloc. Otherwise, when the memory allocation fails and returns NULL, the function will cause kernel crash.

Fixes: de791098459d ("wifi: mt76: mt7615: fix null pointer dereference bug")
Signed-off-by: Sicong Huang <congei42@163.com>
---
drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 3 +++
1 file changed, 3 insertions(+)