From: Johannes Berg johannes.berg@intel.com
[ Upstream commit 634c7b1bd08ca322537ab389f8cbd7bb543b5e45 ]
In __iwl_err(), if we rate-limit the message away, then vaf.va is still NULL-initialized by the time we get to the tracing code, which then crashes. When it doesn't get rate-limited out, it's still wrong to reuse the old args2 that was already printed, which is why we bother making a copy in the first place.
Assign vaf.va properly to fix this.
Fixes: e5f1cc98cc1b ("iwlwifi: allow rate-limited error messages") Signed-off-by: Johannes Berg johannes.berg@intel.com Signed-off-by: Gregory Greenman gregory.greenman@intel.com Link: https://lore.kernel.org/r/20230413102635.e27134c6bcd4.Ib3894cd2ba7a5ad5e7591... Signed-off-by: Johannes Berg johannes.berg@intel.com Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/net/wireless/intel/iwlwifi/iwl-debug.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-debug.c b/drivers/net/wireless/intel/iwlwifi/iwl-debug.c index ae4c2a3d63d5b..3a3c13a41fc61 100644 --- a/drivers/net/wireless/intel/iwlwifi/iwl-debug.c +++ b/drivers/net/wireless/intel/iwlwifi/iwl-debug.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause /* - * Copyright (C) 2005-2011, 2021 Intel Corporation + * Copyright (C) 2005-2011, 2021-2022 Intel Corporation */ #include <linux/device.h> #include <linux/interrupt.h> @@ -57,6 +57,7 @@ void __iwl_err(struct device *dev, enum iwl_err_mode mode, const char *fmt, ...) default: break; } + vaf.va = &args; trace_iwlwifi_err(&vaf); va_end(args); }