From patchwork Tue Jan 31 09:00:57 2023
X-Patchwork-Submitter: Martin Kaiser
X-Patchwork-Id: 50746
From: Martin Kaiser
To: Greg Kroah-Hartman
Cc: Larry Finger, Phillip Potter, Michael Straube, Pavel Skripkin, linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org, Martin Kaiser
Subject: [PATCH] staging: r8188eu: fix NULL check for rcu pointer
Date: Tue, 31 Jan 2023 10:00:57 +0100
Message-Id: <20230131090057.241779-1-martin@kaiser.cx>

Fix the NULL check for padapter->pnetdev->rx_handler_data.

The current code calls rcu_dereference while it holds the rcu read lock and checks the pointer after releasing the lock. An rcu pointer may only be used between calls to rcu_read_lock and rcu_read_unlock.

Replace the check with rcu_access_pointer. My understanding is that this function returns the value of the pointer and needs no locking. We can then check the pointer but we must not dereference it.

Signed-off-by: Martin Kaiser
---
 drivers/staging/r8188eu/core/rtw_xmit.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c index 91f92ec5ef69..18941320e70e 100644 --- a/drivers/staging/r8188eu/core/rtw_xmit.c +++ b/drivers/staging/r8188eu/core/rtw_xmit.c
@@ -1631,18 +1631,14 @@ s32 rtw_xmit(struct adapter *padapter, struct sk_buff **ppkt) struct xmit_priv *pxmitpriv = &padapter->xmitpriv; struct xmit_frame *pxmitframe = NULL; struct mlme_priv *pmlmepriv = &padapter->mlmepriv; - void *br_port = NULL; s32 res; pxmitframe = rtw_alloc_xmitframe(pxmitpriv); if (!pxmitframe) return -1; - rcu_read_lock(); - br_port = rcu_dereference(padapter->pnetdev->rx_handler_data); - rcu_read_unlock(); - - if (br_port && check_fwstate(pmlmepriv, WIFI_STATION_STATE | WIFI_ADHOC_STATE)) { + if (rcu_access_pointer(padapter->pnetdev->rx_handler_data) && + check_fwstate(pmlmepriv, WIFI_STATION_STATE | WIFI_ADHOC_STATE)) { res = rtw_br_client_tx(padapter, ppkt); if (res == -1) { rtw_free_xmitframe(pxmitpriv, pxmitframe);
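Review bot: the `rcu_access_pointer(padapter->pnetdev->rx_handler_data)` test in the new `if` is only a snapshot of the pointer value, and nothing in this hunk keeps `rx_handler_data` non-NULL by the time `rtw_br_client_tx(padapter, ppkt)` runs. That is acceptable only if the bridge path never reads `rx_handler_data` itself, or reads it through `rcu_dereference()` inside its own `rcu_read_lock()`/`rcu_read_unlock()` section; please confirm which applies and say so in the commit message. The removed code had the same window, because `br_port` was only compared against NULL after `rcu_read_unlock()` and never dereferenced in these lines, so this reads as a cleanup to the accessor intended for NULL tests rather than a behaviour change. The changelog's hedged "My understanding is that" could be replaced with a definite statement to that effect.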