Re: [PATCH] mwifiex: fix null pointer deference when adapter is null

[Kalle Valo]

kbuild test robot  writes:

> url:
> https://github.com/0day-ci/linux/commits/Colin-King/mwifiex-fix-null-pointer-deference-when-adapter-is-null/20160915-231625
> base:   
> https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git
>  master
> config: x86_64-randconfig-x013-201637 (attached as .config)
> compiler: gcc-6 (Debian 6.1.1-9) 6.1.1 20160705
> reproduce:
> # save the attached .config to linux build tree
> make ARCH=x86_64 
>
> All warnings (new ones prefixed by >>):
>
>drivers/net/wireless/marvell/mwifiex/main.c: In function 
> 'mwifiex_shutdown_sw':
>>> drivers/net/wireless/marvell/mwifiex/main.c:1433:1: warning: label 
>>> 'exit_remove' defined but not used [-Wunused-label]
> exit_remove:
> ^~~

Looks like a valid warning to me, so please resend.

-- 
Kalle Valo

Re: [PATCH] mwifiex: fix null pointer deference when adapter is null

[kbuild test robot]

Hi Colin,

[auto build test WARNING on wireless-drivers-next/master]
[also build test WARNING on next-20160915]
[cannot apply to v4.8-rc6]
[if your patch is applied to the wrong git tree, please drop us a note to help 
improve the system]
[Suggest to use git(>=2.9.0) format-patch --base= (or --base=auto for 
convenience) to record what (public, well-known) commit your patch series was 
built on]
[Check https://git-scm.com/docs/git-format-patch for more information]

url:
https://github.com/0day-ci/linux/commits/Colin-King/mwifiex-fix-null-pointer-deference-when-adapter-is-null/20160915-231625
base:   
https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git 
master
config: x86_64-randconfig-x013-201637 (attached as .config)
compiler: gcc-6 (Debian 6.1.1-9) 6.1.1 20160705
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64 

All warnings (new ones prefixed by >>):

   drivers/net/wireless/marvell/mwifiex/main.c: In function 
'mwifiex_shutdown_sw':
>> drivers/net/wireless/marvell/mwifiex/main.c:1433:1: warning: label 
>> 'exit_remove' defined but not used [-Wunused-label]
exit_remove:
^~~
   Cyclomatic Complexity 5 include/linux/compiler.h:__read_once_size
   Cyclomatic Complexity 5 include/linux/compiler.h:__write_once_size
   Cyclomatic Complexity 2 arch/x86/include/asm/bitops.h:set_bit
   Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:constant_test_bit
   Cyclomatic Complexity 1 arch/x86/include/asm/bitops.h:fls64
   Cyclomatic Complexity 1 include/linux/log2.h:__ilog2_u64
   Cyclomatic Complexity 1 include/linux/list.h:INIT_LIST_HEAD
   Cyclomatic Complexity 1 include/linux/list.h:list_empty
   Cyclomatic Complexity 1 include/asm-generic/getorder.h:__get_order
   Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_read
   Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_inc
   Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_dec
   Cyclomatic Complexity 1 arch/x86/include/asm/atomic.h:atomic_add_return
   Cyclomatic Complexity 1 include/linux/spinlock.h:spinlock_check
   Cyclomatic Complexity 1 include/linux/spinlock.h:spin_unlock_irqrestore
   Cyclomatic Complexity 1 include/linux/kasan.h:kasan_kmalloc
   Cyclomatic Complexity 28 include/linux/slab.h:kmalloc_index
   Cyclomatic Complexity 1 include/linux/slab.h:kmem_cache_alloc_trace
   Cyclomatic Complexity 1 include/linux/slab.h:kmalloc_order_trace
   Cyclomatic Complexity 68 include/linux/slab.h:kmalloc_large
   Cyclomatic Complexity 5 include/linux/slab.h:kmalloc
   Cyclomatic Complexity 1 include/linux/slab.h:kzalloc
   Cyclomatic Complexity 1 include/linux/skbuff.h:skb_end_pointer
   Cyclomatic Complexity 1 include/linux/skbuff.h:skb_queue_empty
   Cyclomatic Complexity 1 include/linux/skbuff.h:skb_shared
   Cyclomatic Complexity 1 include/linux/skbuff.h:skb_headroom
   Cyclomatic Complexity 1 include/linux/netdevice.h:netdev_get_tx_queue
   Cyclomatic Complexity 1 include/linux/netdevice.h:netdev_priv
   Cyclomatic Complexity 1 include/linux/netdevice.h:netif_tx_stop_queue
   Cyclomatic Complexity 1 include/linux/netdevice.h:netif_tx_queue_stopped
   Cyclomatic Complexity 1 include/linux/netdevice.h:netif_carrier_ok
   Cyclomatic Complexity 1 include/linux/etherdevice.h:is_multicast_ether_addr
   Cyclomatic Complexity 1 include/linux/etherdevice.h:ether_addr_copy
   Cyclomatic Complexity 1 include/linux/etherdevice.h:ether_addr_equal
   Cyclomatic Complexity 1 
include/linux/etherdevice.h:ether_addr_equal_unaligned
   Cyclomatic Complexity 1 
drivers/net/wireless/marvell/mwifiex/util.h:MWIFIEX_SKB_TXCB
   Cyclomatic Complexity 6 
drivers/net/wireless/marvell/mwifiex/main.h:mwifiex_get_priv
   Cyclomatic Complexity 1 
drivers/net/wireless/marvell/mwifiex/main.h:mwifiex_netdev_get_priv
   Cyclomatic Complexity 1 
drivers/net/wireless/marvell/mwifiex/main.h:mwifiex_is_skb_mgmt_frame
   Cyclomatic Complexity 1 
drivers/net/wireless/marvell/mwifiex/main.c:mwifiex_get_stats
   Cyclomatic Complexity 1 include/linux/workqueue.h:queue_work
   Cyclomatic Complexity 2 
drivers/net/wireless/marvell/mwifiex/main.c:mwifiex_queue_rx_work
   Cyclomatic Complexity 4 
drivers/net/wireless/marvell/mwifiex/main.c:mwifiex_set_multicast_list
   Cyclomatic Complexity 1 
drivers/net/wireless/marvell/mwifiex/main.c:mwifiex_netdev_select_wmm_queue
   Cyclomatic Complexity 1 include/linux/err.h:IS_ERR
   Cyclomatic Complexity 1 include/linux/timekeeping.h:ktime_get_real
   Cyclomatic Complexity 1 include/linux/skbuff.h:__net_timestamp
   Cyclomatic Complexity 1 
drivers/net/wireless/marvell/mwifiex/main.c:mwifiex_open
   Cyclomatic Complexity 2 
drivers/net/wireless/marvell/mwifiex/util.h:MWIFIEX_SKB_RXCB
   Cyclomatic Complexity 1 include/linux/netdevice.h:dev_kfree_skb_any
   Cyclomatic Complexity 6 
drivers/net/wireless/marvell/mwifiex/main.c:mwifiex_unregister
   Cyclomatic Complexity 2 

Re: [PATCH] mwifiex: fix null pointer deference when adapter is null

[Julian Calaby]

Hi All,

On Thu, Sep 15, 2016 at 11:42 PM, Colin King  wrote:
> From: Colin Ian King 
>
> If adapter is null the error exit path in mwifiex_shutdown_sw is
> to down the semaphore sem and print some debug via mwifiex_dbg.
> However, passing a NULL adapter to mwifiex_dbg causes a null
> pointer deference when accessing adapter->dev.  This fix checks
> for a null adapter at the start of the function and to exit
> without the need to up the semaphore and we also skip the debug
> to avoid the null pointer dereference.
>
> Signed-off-by: Colin Ian King 

Reviewed-by: Julian Calaby 

Thanks,

-- 
Julian Calaby

Email: julian.cal...@gmail.com
Profile: http://www.google.com/profiles/julian.calaby/

[PATCH] mwifiex: fix null pointer deference when adapter is null

[Colin King]

From: Colin Ian King 

If adapter is null the error exit path in mwifiex_shutdown_sw is
to down the semaphore sem and print some debug via mwifiex_dbg.
However, passing a NULL adapter to mwifiex_dbg causes a null
pointer deference when accessing adapter->dev.  This fix checks
for a null adapter at the start of the function and to exit
without the need to up the semaphore and we also skip the debug
to avoid the null pointer dereference.

Signed-off-by: Colin Ian King 
---
 drivers/net/wireless/marvell/mwifiex/main.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/main.c 
b/drivers/net/wireless/marvell/mwifiex/main.c
index 9b2e98c..7a4f8cc 100644
--- a/drivers/net/wireless/marvell/mwifiex/main.c
+++ b/drivers/net/wireless/marvell/mwifiex/main.c
@@ -1369,12 +1369,12 @@ mwifiex_shutdown_sw(struct mwifiex_adapter *adapter, 
struct semaphore *sem)
struct mwifiex_private *priv;
int i;
 
+   if (!adapter)
+   goto exit_return;
+
if (down_interruptible(sem))
goto exit_sem_err;
 
-   if (!adapter)
-   goto exit_remove;
-
priv = mwifiex_get_priv(adapter, MWIFIEX_BSS_ROLE_ANY);
mwifiex_deauthenticate(priv, NULL);
 
@@ -1434,6 +1434,7 @@ mwifiex_shutdown_sw(struct mwifiex_adapter *adapter, 
struct semaphore *sem)
up(sem);
 exit_sem_err:
mwifiex_dbg(adapter, INFO, "%s, successful\n", __func__);
+exit_return:
return 0;
 }
 
-- 
2.9.3