[PATCH v1] wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()

Henry Martin posted 1 patch 1 day, 3 hours ago
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 4 ++++
1 file changed, 4 insertions(+)
[PATCH v1] wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
Posted by Henry Martin 1 day, 3 hours ago
devm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()
does not check for this case, which results in a NULL pointer
dereference.

Add NULL check after devm_ioremap() to prevent this issue.

Fixes: 4f831d18d12d ("wifi: mt76: mt7915: enable WED RX support")
Signed-off-by: Henry Martin <bsdhenrymartin@gmail.com>
---
 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c b/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
index 876f0692850a..e1f2e32c4bdd 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
@@ -651,6 +651,8 @@ int mt7915_mmio_wed_init(struct mt7915_dev *dev, void *pdev_ptr,
 		wed->wlan.base = devm_ioremap(dev->mt76.dev,
 					      pci_resource_start(pci_dev, 0),
 					      pci_resource_len(pci_dev, 0));
+		if (!wed->wlan.base)
+			return -ENOMEM;
 		wed->wlan.phy_base = pci_resource_start(pci_dev, 0);
 		wed->wlan.wpdma_int = pci_resource_start(pci_dev, 0) +
 				      MT_INT_WED_SOURCE_CSR;
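
Review bot: The new "return -ENOMEM" directly after the devm_ioremap() call exits mt7915_mmio_wed_init() at once, and neither the hunk nor the commit message shows whether anything set up earlier in this PCI branch needs unwinding or how callers treat a negative return. Please state in the commit message that a bare return is safe at this point and that callers handle the error. It would also help to name where wed->wlan.base ends up being dereferenced, since that access is not among the visible lines.
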
@@ -678,6 +680,8 @@ int mt7915_mmio_wed_init(struct mt7915_dev *dev, void *pdev_ptr,
 		wed->wlan.bus_type = MTK_WED_BUS_AXI;
 		wed->wlan.base = devm_ioremap(dev->mt76.dev, res->start,
 					      resource_size(res));
+		if (!wed->wlan.base)
+			return -ENOMEM;
 		wed->wlan.phy_base = res->start;
 		wed->wlan.wpdma_int = res->start + MT_INT_SOURCE_CSR;
 		wed->wlan.wpdma_mask = res->start + MT_INT_MASK_CSR;
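
Review bot: The two lines added after devm_ioremap(dev->mt76.dev, res->start, resource_size(res)) are a verbatim copy of the check in the first hunk, so the error path now exists twice. If both branches only differ in how wed->wlan.base is obtained, consider a single check after the branch so the failure handling stays in one place. Either way, the !wed->wlan.base test is only valid while the mapping call reports failure as NULL; it has to change together with the call if a different mapping helper is used here later.
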
-- 
2.34.1
Re: [PATCH] wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
Posted by Markus Elfring 1 day ago
…
> Add NULL check after devm_ioremap() to prevent this issue.

Can a summary phrase like “Prevent null pointer dereference in mt7915_mmio_wed_init()”
be a bit nicer?


…
> +++ b/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
> @@ -651,6 +651,8 @@ int mt7915_mmio_wed_init(struct mt7915_dev *dev, void *pdev_ptr,
>  		wed->wlan.base = devm_ioremap(dev->mt76.dev,
>  					      pci_resource_start(pci_dev, 0),
>  					      pci_resource_len(pci_dev, 0));
> +		if (!wed->wlan.base)
> +			return -ENOMEM;

Can a blank line be desirable after such a statement?


…
> @@ -678,6 +680,8 @@ int mt7915_mmio_wed_init(struct mt7915_dev *dev, void *pdev_ptr,
>  		wed->wlan.bus_type = MTK_WED_BUS_AXI;
>  		wed->wlan.base = devm_ioremap(dev->mt76.dev, res->start,
>  					      resource_size(res));
> +		if (!wed->wlan.base)
> +			return -ENOMEM;

Would the function “devm_platform_get_and_ioremap_resource” be applicable
in this else branch?
https://elixir.bootlin.com/linux/v6.14-rc6/source/drivers/base/platform.c#L87

Regards,
Markus
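
An added example, not part of the thread or of the mt76 driver, modelling in user space why the check would have to change if the else branch moved from devm_ioremap() (NULL on failure) to devm_platform_get_and_ioremap_resource() (ERR_PTR-encoded errno on failure). The mock_* and init_* functions and fake_regs are hypothetical stand-ins; only the two error conventions are taken from the kernel.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_ERRNO 4095
/* Same encoding idea as the kernel's ERR_PTR()/PTR_ERR()/IS_ERR(). */
static inline void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static inline long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

static char fake_regs[16];	/* constructed stand-in for a mapped MMIO window */

/* Mock with devm_ioremap() semantics: NULL on failure. */
static void *mock_ioremap(int fail) { return fail ? NULL : fake_regs; }

/* Mock with devm_platform_get_and_ioremap_resource() semantics:
 * ERR_PTR(-errno) on failure, never NULL. */
static void *mock_ioremap_resource(int fail) { return fail ? ERR_PTR(-ENOMEM) : fake_regs; }

/* The check added by the patch: correct for the NULL convention. */
int init_null_style(int fail)
{
	void *base = mock_ioremap(fail);

	if (!base)
		return -ENOMEM;
	return 0;
}

/* Same "!base" check kept after switching helpers: the failure is missed. */
int init_wrong_check(int fail)
{
	void *base = mock_ioremap_resource(fail);

	if (!base)
		return -ENOMEM;
	return 0;	/* reached even though base encodes -ENOMEM */
}

/* Check that matches the ERR_PTR convention. */
int init_err_ptr_style(int fail)
{
	void *base = mock_ioremap_resource(fail);

	if (IS_ERR(base))
		return (int)PTR_ERR(base);
	return 0;
}
```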