commit | 703d0b8b228d422c78aee8dc740f69dbffbd2e0f | |
---|---|---|
author | Carl Huang <[email protected]> | Mon Mar 05 09:45:50 2018 |
committer | ChromeOS Commit Bot <[email protected]> | Sat Mar 10 04:41:36 2018 |
tree | 9f104a80fc2de90a9feb8623d92ca7d907441990 | |
parent | 5d81c42cf0d4d2270904536c7994c05dd7c91af8 | |
FROMLIST: ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait

The skb may be freed in tx completion context before trace_ath10k_wmi_cmd is called. This can be easily captured when KASAN (Kernel Address Sanitizer) is enabled. The fix is to move trace_ath10k_wmi_cmd before the send operation. As the ret has no meaning in trace_ath10k_wmi_cmd then, so remove this parameter too.

(from https://patchwork.kernel.org/patch/10258181/)

BUG=b:71685298
TEST=Enable KASAN kernel config and connect the device to AP

Change-Id: I08f95e4775cb85e2d64d668c501d87c7aeca72cb
Signed-off-by: Carl Huang <[email protected]>
Reviewed-on: https://chromium-review.googlesource.com/948070
Commit-Ready: Brian Norris <[email protected]>
Tested-by: Brian Norris <[email protected]>
Reviewed-by: Grant Grundler <[email protected]>
Reviewed-by: Brian Norris <[email protected]>
(cherry picked from commit 42461db250edbe8053fa0dccf0455d37b1c7a022)
Reviewed-on: https://chromium-review.googlesource.com/958243
Trybot-Ready: Brian Norris <[email protected]>
Commit-Queue: Brian Norris <[email protected]>
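
The ordering problem the commit message describes, as an added example that is not part of the original commit and is not ath10k code: a user-space C model in which `buf`, `trace_cmd`, `transport_send` and `send_cmd` are hypothetical stand-ins. A `live` flag on a static slot stands in for the freed skb, so the stale read can be counted without touching freed memory.

```c
#include <stdio.h>
#include <string.h>
/* Constructed user-space model; all names are hypothetical, not ath10k code. */
struct buf { int live; unsigned char data[16]; };
static struct buf slot;		/* one-entry buffer pool */
static int stale_reads;		/* reads of a released buffer, as KASAN would flag */

static struct buf *buf_alloc(const void *src, size_t len)
{
	if (slot.live || len > sizeof(slot.data))
		return NULL;
	slot.live = 1;
	memcpy(slot.data, src, len);
	return &slot;
}

/* Stand-in for the trace hook: it reads the buffer, so it needs a live one. */
static void trace_cmd(const struct buf *b)
{
	if (!b->live)
		stale_reads++;
}

/* Stand-in for the send: tx completion may release the buffer before return. */
static void transport_send(struct buf *b)
{
	b->live = 0;
}

/* Returns the stale reads caused by one send, or -1 if allocation fails. */
int send_cmd(const void *cmd, size_t len, int trace_before_send)
{
	struct buf *b = buf_alloc(cmd, len);
	int before = stale_reads;
	if (!b)
		return -1;
	if (trace_before_send)
		trace_cmd(b);		/* order after the fix: read while still owned */
	transport_send(b);
	if (!trace_before_send)
		trace_cmd(b);		/* order before the fix: buffer may be gone */
	return stale_reads - before;
}

int main(void)
{
	printf("trace after send:  %d stale read(s)\n", send_cmd("\x01", 1, 0));
	printf("trace before send: %d stale read(s)\n", send_cmd("\x01", 1, 1));
	return 0;
}
```

Once the buffer has been handed to the send path, nothing in the caller may read it again, so anything the trace needs has to be read before the handoff.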