[PATCH v5.8] ath10k: Fix NULL pointer dereference in AHB device probe
Rajkumar Manoharan
rmanohar at codeaurora.org
Tue Jul 14 22:20:22 EDT 2020
On 2020-07-14 13:58, Hauke Mehrtens wrote:
> This fixes a NULL pointer dereference in the probe path for AHB
> devices.
> There attr parameter in the ath10k_ce_alloc_pipe() function is not
> initialized, but accessed. This function is called by
> ath10k_pci_setup_resource() which is called by ath10k_ahb_probe().
>
> The struct ath10k_pci is also used for AHB devices and not only for PCI
> devices.
>
> The initialization of the new members of struct ath10k_pci is moved to
> ath10k_pci_setup_resource() which is used by the PCI and the AHB code.
>
> This also fixes a use after free bug in ath10k_pci_remove() when ar_pci
> is accessed after ath10k_core_destroy() was called, which calls
> ieee80211_free_hw() and frees this memory.
>
> This fixes the following bug seen with backports-5.8-rc2 on OpenWrt on
> a
> IPQ4019 device:
>
Thanks Hauke for taking care of this. Your change LGTM.
-Rajkumar
More information about the ath10k
mailing list