Home Esplora Aiuto
Registrati Accedi
phyus
/
linux-vybrid_public
8
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

rtlwifi: rtl8192c_common: rtl8192de: Check for allocation failures

In https://bugzilla.redhat.com/show_bug.cgi?id=771656, a kernel bug was
triggered due to a failed skb allocation that was not checked. This event
lead to an audit of all memory allocations in the complete rtlwifi family
of drivers. This patch fixes the rest.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger 13 anni fa
parent
39d02a7d90
commit
76a92be537
4 ha cambiato i file con 20 aggiunte e 10 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 2 0
      drivers/net/wireless/rtlwifi/pci.c
  2. 2 0
      drivers/net/wireless/rtlwifi/rtl8192c/fw_common.c
  3. 9 5
      drivers/net/wireless/rtlwifi/rtl8192de/fw.c
  4. 7 5
      drivers/net/wireless/rtlwifi/usb.c

+ 2 - 0
drivers/net/wireless/rtlwifi/pci.c
Vedi File 

@@ -652,6 +652,8 @@ static void _rtl_receive_one(struct ieee80211_hw *hw, struct sk_buff *skb,
 
 		return;
 
 
 	uskb = dev_alloc_skb(skb->len + 128);
 
+	if (!uskb)
 
+		return;		/* exit if allocation failed */
 
 	memcpy(IEEE80211_SKB_RXCB(uskb), &rx_status, sizeof(rx_status));
 
 	pdata = (u8 *)skb_put(uskb, skb->len);
 
 	memcpy(pdata, skb->data, skb->len);

+ 2 - 0
drivers/net/wireless/rtlwifi/rtl8192c/fw_common.c
Vedi File 

@@ -785,6 +785,8 @@ void rtl92c_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool dl_finished)
 
 
 
 	skb = dev_alloc_skb(totalpacketlen);
 
+	if (!skb)
 
+		return;
 
 	memcpy((u8 *) skb_put(skb, totalpacketlen),
 
 	       &reserved_page_packet, totalpacketlen);

+ 9 - 5
drivers/net/wireless/rtlwifi/rtl8192de/fw.c
Vedi File 

@@ -756,12 +756,16 @@ void rtl92d_set_fw_rsvdpagepkt(struct ieee80211_hw *hw, bool dl_finished)
 
 		      "rtl92d_set_fw_rsvdpagepkt(): HW_VAR_SET_TX_CMD: ALL",
 
 		      u1RsvdPageLoc, 3);
 
 	skb = dev_alloc_skb(totalpacketlen);
 
-	memcpy((u8 *) skb_put(skb, totalpacketlen), &reserved_page_packet,
 
-		totalpacketlen);
 
-	rtstatus = _rtl92d_cmd_send_packet(hw, skb);
 
+	if (!skb) {
 
+		dlok = false;
 
+	} else {
 
+		memcpy((u8 *) skb_put(skb, totalpacketlen),
 
+			&reserved_page_packet, totalpacketlen);
 
+		rtstatus = _rtl92d_cmd_send_packet(hw, skb);
 
 
-	if (rtstatus)
 
-		dlok = true;
 
+		if (rtstatus)
 
+			dlok = true;
 
+	}
 
 	if (dlok) {
 
 		RT_TRACE(rtlpriv, COMP_POWER, DBG_LOUD,
 
 			 "Set RSVD page location to Fw\n");

+ 7 - 5
drivers/net/wireless/rtlwifi/usb.c
Vedi File 

@@ -520,12 +520,14 @@ static void _rtl_usb_rx_process_noagg(struct ieee80211_hw *hw,
 
 			u8 *pdata;
 
 
 			uskb = dev_alloc_skb(skb->len + 128);
 
-			memcpy(IEEE80211_SKB_RXCB(uskb), &rx_status,
 
-			       sizeof(rx_status));
 
-			pdata = (u8 *)skb_put(uskb, skb->len);
 
-			memcpy(pdata, skb->data, skb->len);
 
+			if (uskb) {	/* drop packet on allocation failure */
 
+				memcpy(IEEE80211_SKB_RXCB(uskb), &rx_status,
 
+				       sizeof(rx_status));
 
+				pdata = (u8 *)skb_put(uskb, skb->len);
 
+				memcpy(pdata, skb->data, skb->len);
 
+				ieee80211_rx_irqsafe(hw, uskb);
 
+			}
 
 			dev_kfree_skb_any(skb);
 
-			ieee80211_rx_irqsafe(hw, uskb);
 
 		} else {
 
 			dev_kfree_skb_any(skb);
 
 		}