From: Lennert Buytenhek Date: Mon, 3 Aug 2009 19:58:26 +0000 (+0200) Subject: mwl8k: fix NULL pointer dereference on receive out-of-memory X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d25f9f1357139bbdc79bc960ea84909a7c22ec2b;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git mwl8k: fix NULL pointer dereference on receive out-of-memory When we go into out-of-memory and fail to allocate skbuffs to refill the receive ring with, rxq_process can end up running into a receive ring entry that is marked as host-owned but doesn't have an associated skbuff. If this happens, we must break out of the rx processing loop instead of trying to process the descriptor. Signed-off-by: Lennert Buytenhek Acked-by: Nicolas Pitre Signed-off-by: John W. Linville --- diff --git a/drivers/net/wireless/mwl8k.c b/drivers/net/wireless/mwl8k.c index a263d5c84c08..71f3eb67981e 100644 --- a/drivers/net/wireless/mwl8k.c +++ b/drivers/net/wireless/mwl8k.c @@ -1012,6 +1012,8 @@ static int rxq_process(struct ieee80211_hw *hw, int index, int limit) rmb(); skb = rxq->rx_skb[rxq->rx_head]; + if (skb == NULL) + break; rxq->rx_skb[rxq->rx_head] = NULL; rxq->rx_head = (rxq->rx_head + 1) % MWL8K_RX_DESCS;