diff options
| author | Matvey Kovalev <matvey.kovalev@ispras.ru> | 2025-09-17 22:20:01 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-10-06 11:20:06 +0200 |
| commit | 500fcc31e488d798937a23dbb1f62db46820c5b2 (patch) | |
| tree | 22e6b64f7bf6b109f316492c9b905eb8e2020499 | |
| parent | e4e99d69b8b8295c501b2eef89e13306b738b667 (diff) | |
| download | linux-500fcc31e488d798937a23dbb1f62db46820c5b2.tar.gz linux-500fcc31e488d798937a23dbb1f62db46820c5b2.tar.bz2 linux-500fcc31e488d798937a23dbb1f62db46820c5b2.zip | |
wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()
commit 3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782 upstream.
If ab->fw.m3_data points to data, then fw pointer remains null.
Further, if m3_mem is not allocated, then fw is dereferenced to be
passed to ath11k_err function.
Replace fw->size by m3_len.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 7db88b962f06 ("wifi: ath11k: add firmware-2.bin support")
Cc: stable@vger.kernel.org
Signed-off-by: Matvey Kovalev <matvey.kovalev@ispras.ru>
Reviewed-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
Link: https://patch.msgid.link/20250917192020.1340-1-matvey.kovalev@ispras.ru
Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/net/wireless/ath/ath11k/qmi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/wireless/ath/ath11k/qmi.c b/drivers/net/wireless/ath/ath11k/qmi.c index 378ac96b861b..1a42b4abe716 100644 --- a/drivers/net/wireless/ath/ath11k/qmi.c +++ b/drivers/net/wireless/ath/ath11k/qmi.c @@ -2557,7 +2557,7 @@ static int ath11k_qmi_m3_load(struct ath11k_base *ab) GFP_KERNEL); if (!m3_mem->vaddr) { ath11k_err(ab, "failed to allocate memory for M3 with size %zu\n", - fw->size); + m3_len); ret = -ENOMEM; goto out; } |