* [patch 3/4] mwifiex: prevent corruption instead of just warning
From: Dan Carpenter @ 2011-10-18 6:15 UTC (permalink / raw)
To: Bing Zhao; +Cc: John W. Linville, linux-wireless, kernel-janitors
We may as well put a return here instead of just printing a warning
message and then corrupting memory. The caller doesn't check the
return code.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
index d12d440..40b154d 100644
--- a/drivers/net/wireless/mwifiex/pcie.c
+++ b/drivers/net/wireless/mwifiex/pcie.c
@@ -1228,9 +1228,11 @@ static int mwifiex_pcie_event_complete(struct mwifiex_adapter *adapter,
if (!skb)
return 0;
- if (rdptr >= MWIFIEX_MAX_EVT_BD)
+ if (rdptr >= MWIFIEX_MAX_EVT_BD) {
dev_err(adapter->dev, "event_complete: Invalid rdptr 0x%x\n",
rdptr);
+ return -EINVAL;
+ }
/* Read the event ring write pointer set by firmware */
if (mwifiex_read_reg(adapter, REG_EVTBD_WRPTR, &wrptr)) {
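Review bot: the `return -EINVAL;` added in the `rdptr >= MWIFIEX_MAX_EVT_BD` branch runs after the `if (!skb) return 0;` check, so skb is known to be non-NULL at this point and the direct return exits without releasing it. If this function is responsible for skb, set the error code and jump to the function's common cleanup path rather than returning here. The commit message also says the caller doesn't check the return code, so the -EINVAL only becomes useful once a caller acts on it; the changelog should say whether that is planned.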
* RE: [patch 3/4] mwifiex: prevent corruption instead of just warning
From: Bing Zhao @ 2011-10-18 18:19 UTC (permalink / raw)
To: Dan Carpenter
Cc: John W. Linville, linux-wireless@vger.kernel.org,
kernel-janitors@vger.kernel.org
Hi Dan,
> -----Original Message-----
> From: Dan Carpenter [mailto:dan.carpenter@oracle.com]
> Sent: Monday, October 17, 2011 11:15 PM
> To: Bing Zhao
> Cc: John W. Linville; linux-wireless@vger.kernel.org; kernel-janitors@vger.kernel.org
> Subject: [patch 3/4] mwifiex: prevent corruption instead of just warning
>
> We may as well put a return here instead of just printing a warning
> message and then corrupting memory. The caller doesn't check the
> return code.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
> index d12d440..40b154d 100644
> --- a/drivers/net/wireless/mwifiex/pcie.c
> +++ b/drivers/net/wireless/mwifiex/pcie.c
> @@ -1228,9 +1228,11 @@ static int mwifiex_pcie_event_complete(struct mwifiex_adapter *adapter,
> if (!skb)
> return 0;
>
> - if (rdptr >= MWIFIEX_MAX_EVT_BD)
> + if (rdptr >= MWIFIEX_MAX_EVT_BD) {
> dev_err(adapter->dev, "event_complete: Invalid rdptr 0x%x\n",
> rdptr);
> + return -EINVAL;

Instead of returning directly, we should set the error code and go through the error handling:

	ret = -EINVAL;
	goto done;

Could you please resend v2?

Thanks,
Bing

> + }
>
> /* Read the event ring write pointer set by firmware */
> if (mwifiex_read_reg(adapter, REG_EVTBD_WRPTR, &wrptr)) {
* RE: [patch 3/4] mwifiex: prevent corruption instead of just warning
From: Johannes Berg @ 2011-10-18 18:23 UTC (permalink / raw)
To: Bing Zhao
Cc: Dan Carpenter, John W. Linville, linux-wireless@vger.kernel.org,
kernel-janitors@vger.kernel.org
On Tue, 2011-10-18 at 11:19 -0700, Bing Zhao wrote:
> > @@ -1228,9 +1228,11 @@ static int mwifiex_pcie_event_complete(struct mwifiex_adapter *adapter,
> > if (!skb)
> > return 0;
> >
> > - if (rdptr >= MWIFIEX_MAX_EVT_BD)
> > + if (rdptr >= MWIFIEX_MAX_EVT_BD) {
> > dev_err(adapter->dev, "event_complete: Invalid rdptr 0x%x\n",
> > rdptr);
> > + return -EINVAL;
>
> Instead of returning directly, we should set the error code and go through the error handling:
> ret = -EINVAL;
> goto done;
Are you sure? You don't go to error handling a few lines earlier.
johannes
* RE: [patch 3/4] mwifiex: prevent corruption instead of just warning
From: Bing Zhao @ 2011-10-18 18:27 UTC (permalink / raw)
To: Johannes Berg
Cc: Dan Carpenter, John W. Linville, linux-wireless@vger.kernel.org,
kernel-janitors@vger.kernel.org, Amitkumar Karwar, Kiran Divekar
* [patch 3/4 v2] mwifiex: prevent corruption instead of just warning
From: Dan Carpenter @ 2011-10-19 7:32 UTC (permalink / raw)
To: Bing Zhao
Cc: John W. Linville, linux-wireless@vger.kernel.org,
kernel-janitors@vger.kernel.org
Probably we never hit this condition, but in case we do, we may as
well put a return here instead of just printing a warning message and
then corrupting memory. The caller doesn't check the return code.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: Use the error handling code to free the skb before returning.
diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
index d12d440..a2f3200 100644
--- a/drivers/net/wireless/mwifiex/pcie.c
+++ b/drivers/net/wireless/mwifiex/pcie.c
@@ -1228,9 +1228,12 @@ static int mwifiex_pcie_event_complete(struct mwifiex_adapter *adapter,
if (!skb)
return 0;
- if (rdptr >= MWIFIEX_MAX_EVT_BD)
+ if (rdptr >= MWIFIEX_MAX_EVT_BD) {
dev_err(adapter->dev, "event_complete: Invalid rdptr 0x%x\n",
rdptr);
+ ret = -EINVAL;
+ goto done;
+ }
/* Read the event ring write pointer set by firmware */
if (mwifiex_read_reg(adapter, REG_EVTBD_WRPTR, &wrptr)) {
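Review bot: `goto done;` in the new `rdptr >= MWIFIEX_MAX_EVT_BD` branch depends on a `done` label and a `ret` variable that sit outside the visible context, so the hunk alone does not show that skb is released on this path; the v2 note says it is, and a one-line comment at the branch saying that `done` frees skb would make that explicit for later readers. The changelog still states that the caller doesn't check the return code, so the only signal of a bad rdptr remains the dev_err line; a follow-up that makes the caller handle a nonzero return would close that gap.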
* RE: [patch 3/4 v2] mwifiex: prevent corruption instead of just warning
From: Bing Zhao @ 2011-10-19 21:29 UTC (permalink / raw)
To: Dan Carpenter
Cc: John W. Linville, linux-wireless@vger.kernel.org,
kernel-janitors@vger.kernel.org
Hi Dan,
Thanks for the patch.
> -----Original Message-----
> From: Dan Carpenter [mailto:dan.carpenter@oracle.com]
> Sent: Wednesday, October 19, 2011 12:32 AM
> To: Bing Zhao
> Cc: John W. Linville; linux-wireless@vger.kernel.org; kernel-janitors@vger.kernel.org
> Subject: [patch 3/4 v2] mwifiex: prevent corruption instead of just warning
>
> Probably we never hit this condition, but in case we do, we may as
> well put a return here instead of just printing a warning message and
> then corrupting memory. The caller doesn't check the return code.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Regards,
Bing
> ---
> v2: Use the error handling code to free the skb before returning.
>
> diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
> index d12d440..a2f3200 100644
> --- a/drivers/net/wireless/mwifiex/pcie.c
> +++ b/drivers/net/wireless/mwifiex/pcie.c
> @@ -1228,9 +1228,12 @@ static int mwifiex_pcie_event_complete(struct mwifiex_adapter *adapter,
> if (!skb)
> return 0;
>
> - if (rdptr >= MWIFIEX_MAX_EVT_BD)
> + if (rdptr >= MWIFIEX_MAX_EVT_BD) {
> dev_err(adapter->dev, "event_complete: Invalid rdptr 0x%x\n",
> rdptr);
> + ret = -EINVAL;
> + goto done;
> + }
>
> /* Read the event ring write pointer set by firmware */
> if (mwifiex_read_reg(adapter, REG_EVTBD_WRPTR, &wrptr)) {