Message ID | 6863f378a2a077701c60cea6ae654212e919d624.1692273610.git.daniel@makrotopia.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [net] net: ethernet: mtk_eth_soc: fix NULL pointer on hw reset | expand |
On Thu, Aug 17, 2023 at 01:01:11PM +0100, Daniel Golle wrote: > When a hardware reset is triggered on devices not initializing WED the > calls to mtk_wed_fe_reset and mtk_wed_fe_reset_complete dereference a > pointer on uninitialized stack memory. > Initialize the hw_list will 0s and break out of both functions in case > a hw_list entry is 0. > > Fixes: 08a764a7c51b ("net: ethernet: mtk_wed: add reset/reset_complete callbacks") > Signed-off-by: Daniel Golle <daniel@makrotopia.org> Reviewed-by: Simon Horman <horms@kernel.org>
On Thu, 17 Aug 2023 13:01:11 +0100 Daniel Golle wrote: > Initialize the hw_list will 0s and break out of both functions in case > a hw_list entry is 0. Static variables are always initialized to 0, I don't think that part is need.
diff --git a/drivers/net/ethernet/mediatek/mtk_wed.c b/drivers/net/ethernet/mediatek/mtk_wed.c index 00aeee0d5e45f..d14f5137379b9 100644 --- a/drivers/net/ethernet/mediatek/mtk_wed.c +++ b/drivers/net/ethernet/mediatek/mtk_wed.c @@ -41,7 +41,7 @@ #define MTK_WED_RRO_QUE_CNT 8192 #define MTK_WED_MIOD_ENTRY_CNT 128 -static struct mtk_wed_hw *hw_list[2]; +static struct mtk_wed_hw *hw_list[2] = {}; static DEFINE_MUTEX(hw_lock); struct mtk_wed_flow_block_priv { @@ -222,9 +222,13 @@ void mtk_wed_fe_reset(void) for (i = 0; i < ARRAY_SIZE(hw_list); i++) { struct mtk_wed_hw *hw = hw_list[i]; - struct mtk_wed_device *dev = hw->wed_dev; + struct mtk_wed_device *dev; int err; + if (!hw) + break; + + dev = hw->wed_dev; if (!dev || !dev->wlan.reset) continue; @@ -245,8 +249,12 @@ void mtk_wed_fe_reset_complete(void) for (i = 0; i < ARRAY_SIZE(hw_list); i++) { struct mtk_wed_hw *hw = hw_list[i]; - struct mtk_wed_device *dev = hw->wed_dev; + struct mtk_wed_device *dev; + + if (!hw) + break; + dev = hw->wed_dev; if (!dev || !dev->wlan.reset_complete) continue;
When a hardware reset is triggered on devices not initializing WED the calls to mtk_wed_fe_reset and mtk_wed_fe_reset_complete dereference a pointer on uninitialized stack memory. Initialize the hw_list will 0s and break out of both functions in case a hw_list entry is 0. Fixes: 08a764a7c51b ("net: ethernet: mtk_wed: add reset/reset_complete callbacks") Signed-off-by: Daniel Golle <daniel@makrotopia.org> --- drivers/net/ethernet/mediatek/mtk_wed.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)