From: Jes Sorensen <jes.sorensen@gmail.com>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Kalle Valo <kvalo@kernel.org>,
linux-wireless@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
Date: Fri, 19 Aug 2022 09:43:53 -0400 [thread overview]
Message-ID: <bd6d437e-6dfc-bb7f-d74e-84714e952a8e@gmail.com> (raw)
In-Reply-To: <Yv8eGLdBslLAk3Ct@kili>
On 8/19/22 01:22, Dan Carpenter wrote:
> There some bounds checking to ensure that "map_addr" is not out of
> bounds before the start of the loop. But the checking needs to be
> done as we iterate through the loop because "map_addr" gets larger as
> we iterate.
>
> Fixes: 26f1fad29ad9 ("New driver: rtl8xxxu (mac80211)")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
Looks reasonable to me.
Acked-by: Jes Sorensen <Jes.Sorensen@gmail.com>
> diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
> index c66f0726b253..f3a107f19cf5 100644
> --- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
> +++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
> @@ -1878,13 +1878,6 @@ static int rtl8xxxu_read_efuse(struct rtl8xxxu_priv *priv)
>
> /* We have 8 bits to indicate validity */
> map_addr = offset * 8;
> - if (map_addr >= EFUSE_MAP_LEN) {
> - dev_warn(dev, "%s: Illegal map_addr (%04x), "
> - "efuse corrupt!\n",
> - __func__, map_addr);
> - ret = -EINVAL;
> - goto exit;
> - }
> for (i = 0; i < EFUSE_MAX_WORD_UNIT; i++) {
> /* Check word enable condition in the section */
> if (word_mask & BIT(i)) {
> @@ -1895,6 +1888,13 @@ static int rtl8xxxu_read_efuse(struct rtl8xxxu_priv *priv)
> ret = rtl8xxxu_read_efuse8(priv, efuse_addr++, &val8);
> if (ret)
> goto exit;
> + if (map_addr >= EFUSE_MAP_LEN - 1) {
> + dev_warn(dev, "%s: Illegal map_addr (%04x), "
> + "efuse corrupt!\n",
> + __func__, map_addr);
> + ret = -EINVAL;
> + goto exit;
> + }
> priv->efuse_wifi.raw[map_addr++] = val8;
>
> ret = rtl8xxxu_read_efuse8(priv, efuse_addr++, &val8);
next prev parent reply other threads:[~2022-08-19 13:44 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-19 5:22 [PATCH] wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() Dan Carpenter
2022-08-19 13:43 ` Jes Sorensen [this message]
2022-09-02 8:44 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bd6d437e-6dfc-bb7f-d74e-84714e952a8e@gmail.com \
--to=jes.sorensen@gmail.com \
--cc=dan.carpenter@oracle.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=kvalo@kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.