[v2] ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
Kalle Valo
kvalo at codeaurora.org
Mon Mar 26 08:13:45 PDT 2018
Carl Huang <cjhuang at codeaurora.org> wrote:
> The skb may be freed in tx completion context before
> trace_ath10k_wmi_cmd is called. This can be easily captured when
> KASAN(Kernel Address Sanitizer) is enabled. The fix is to move
> trace_ath10k_wmi_cmd before the send operation. As the ret has no
> meaning in trace_ath10k_wmi_cmd then, so remove this parameter too.
>
> Signed-off-by: Carl Huang <cjhuang at codeaurora.org>
> Tested-by: Brian Norris <briannorris at chromium.org>
> Reviewed-by: Brian Norris <briannorris at chromium.org>
> Signed-off-by: Kalle Valo <kvalo at codeaurora.org>
Patch applied to ath-next branch of ath.git, thanks.
9ef0f58ed7b4 ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
--
https://patchwork.kernel.org/patch/10258179/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
More information about the ath10k
mailing list