linux_dsm_epyc7002/drivers/net/wireless/intel/iwlegacy
Jia-Ju Bai fe9b47944e iwl4965: Fix a null pointer dereference in il_tx_queue_free and il_cmd_queue_free
If "txq->cmd = kzalloc(...)" in il_tx_queue_init fails,
"kfree(txq->cmd[i])" in il_tx_queue_free and il_cmd_queue_free
in iwl4965_hw_txq_ctx_free will causes a null pointer dereference,
because txq->cmd is NULL at that time.

This patch fixes this problem by adding a if-check before kfree.
To avoid double free in il_tx_queue_free and il_cmd_queue_free
caused by the fixing, txq->meta and txq->cmd in error handling code
of il_tx_queue_init are assigned null values.
Otherwise, a double free will occur.

This patch has been tested in real device, and it actually fixes the bug.
Thanks Stanislaw for his suggestion.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2016-04-07 19:37:43 +03:00
..
3945-debug.c
3945-mac.c
3945-rs.c
3945.c
3945.h
4965-calib.c
4965-debug.c
4965-mac.c mac80211: pass block ack session timeout to to driver 2016-01-14 11:13:17 +01:00
4965-rs.c
4965.c
4965.h mac80211: pass block ack session timeout to to driver 2016-01-14 11:13:17 +01:00
commands.h
common.c iwl4965: Fix a null pointer dereference in il_tx_queue_free and il_cmd_queue_free 2016-04-07 19:37:43 +03:00
common.h
csr.h
debug.c
iwl-spectrum.h
Kconfig
Makefile
prph.h