Claire Chang <tien...@chromium.org> wrote:

> In function ath10k_sdio_mbox_rx_alloc() [sdio.c],
> ath10k_sdio_mbox_alloc_rx_pkt() is called without handling the error cases.
> This will make the driver think the allocation for skb is successful and
> try to access the skb. If we enable failslab, system will easily crash with
> NULL pointer dereferencing.
> 
> Call trace of CONFIG_FAILSLAB:
> ath10k_sdio_irq_handler+0x570/0xa88 [ath10k_sdio]
> process_sdio_pending_irqs+0x4c/0x174
> sdio_run_irqs+0x3c/0x64
> sdio_irq_work+0x1c/0x28
> 
> Fixes: d96db25d2025 ("ath10k: add initial SDIO support")
> Signed-off-by: Claire Chang <tien...@chromium.org>
> Reviewed-by: Brian Norris <briannor...@chromium.org>
> Signed-off-by: Kalle Valo <kv...@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

4b553f3ca4cb ath10k: add missing error handling

-- 
https://patchwork.kernel.org/patch/10957013/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
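
The failure mode described in the quoted commit message, as an added user-space C model (not code from the patch or from the ath10k driver): an allocation helper whose return value is dropped reports success while a slot holds NULL. All names (rx_pkt, pkt_alloc, fail_at, rx_alloc_*) are hypothetical, fail_at stands in for failslab, and the unwind in the checked variant is an assumed way to handle the error, not a description of the applied commit.

```c
#include <errno.h>
#include <stdlib.h>
/* User-space model only; every name here is hypothetical, not an ath10k symbol. */
struct rx_pkt { unsigned char *buf; };
static int fail_at = -1; /* allocation index to fail; -1 = never (failslab stand-in) */
static int alloc_calls, live_bufs; /* calls made so far; buffers still outstanding */

static int pkt_alloc(struct rx_pkt *pkt, size_t len)
{
    pkt->buf = (alloc_calls++ == fail_at) ? NULL : malloc(len);
    if (!pkt->buf)
        return -ENOMEM;
    live_bufs++;
    return 0;
}

static void pkt_free(struct rx_pkt *pkt)
{
    live_bufs -= (pkt->buf != NULL);
    free(pkt->buf); /* free(NULL) is a no-op */
    pkt->buf = NULL;
}

/* Bug pattern: return value dropped, so the caller sees 0 while a slot holds NULL. */
int rx_alloc_unchecked(struct rx_pkt *pkts, size_t n, size_t len)
{
    for (size_t i = 0; i < n; i++)
        pkt_alloc(&pkts[i], len);
    return 0;
}

/* Checked form: stop at the first failure, release earlier buffers, propagate. */
int rx_alloc_checked(struct rx_pkt *pkts, size_t n, size_t len)
{
    for (size_t i = 0; i < n; i++) {
        int ret = pkt_alloc(&pkts[i], len);
        if (ret) {
            while (i--)
                pkt_free(&pkts[i]);
            return ret;
        }
    }
    return 0;
}
int main(void)
{
    struct rx_pkt pkts[4];
    fail_at = 2; /* third allocation fails */
    return (rx_alloc_checked(pkts, 4, 64) == -ENOMEM && live_bufs == 0) ? 0 : 1;
}
```
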
