* [PATCH RESEND] brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
@ 2025-04-14 7:20 Wentao Liang
2025-04-14 9:44 ` Arend van Spriel
0 siblings, 1 reply; 2+ messages in thread
From: Wentao Liang @ 2025-04-14 7:20 UTC (permalink / raw)
To: arend.vanspriel, kvalo
Cc: jacobe.zang, sebastian.reichel, christophe.jaillet, erick.archer,
linux-wireless, brcm80211, brcm80211-dev-list.pdl, linux-kernel,
Wentao Liang, stable
The function brcmf_usb_dl_writeimage() calls the function
brcmf_usb_dl_cmd() but dose not check its return value. The
'state.state' and the 'state.bytes' are uninitialized if the
function brcmf_usb_dl_cmd() fails. It is dangerous to use
uninitialized variables in the conditions.
Add error handling for brcmf_usb_dl_cmd() to jump to error
handling path if the brcmf_usb_dl_cmd() fails and the
'state.state' and the 'state.bytes' are uninitialized.
Fixes: 71bb244ba2fd ("brcm80211: fmac: add USB support for bcm43235/6/8 chipsets")
Cc: stable@vger.kernel.org # v3.4+
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
index 50dddac8a2ab..1c97cd777225 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
@@ -901,7 +901,9 @@ brcmf_usb_dl_writeimage(struct brcmf_usbdev_info *devinfo, u8 *fw, int fwlen)
}
/* 1) Prepare USB boot loader for runtime image */
- brcmf_usb_dl_cmd(devinfo, DL_START, &state, sizeof(state));
+ err = brcmf_usb_dl_cmd(devinfo, DL_START, &state, sizeof(state));
+ if (err)
+ goto fail;
rdlstate = le32_to_cpu(state.state);
rdlbytes = le32_to_cpu(state.bytes);
--
2.42.0.windows.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH RESEND] brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
2025-04-14 7:20 [PATCH RESEND] brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Wentao Liang
@ 2025-04-14 9:44 ` Arend van Spriel
0 siblings, 0 replies; 2+ messages in thread
From: Arend van Spriel @ 2025-04-14 9:44 UTC (permalink / raw)
To: Wentao Liang, kvalo
Cc: jacobe.zang, sebastian.reichel, christophe.jaillet, erick.archer,
linux-wireless, brcm80211, brcm80211-dev-list.pdl, linux-kernel,
stable
On 4/14/2025 9:20 AM, Wentao Liang wrote:
> The function brcmf_usb_dl_writeimage() calls the function
> brcmf_usb_dl_cmd() but dose not check its return value. The
> 'state.state' and the 'state.bytes' are uninitialized if the
> function brcmf_usb_dl_cmd() fails. It is dangerous to use
> uninitialized variables in the conditions.
>
> Add error handling for brcmf_usb_dl_cmd() to jump to error
> handling path if the brcmf_usb_dl_cmd() fails and the
> 'state.state' and the 'state.bytes' are uninitialized.
Agree. Have one request though...
Just below the code you touched the USB bootloader state is checked:
/* 2) Check we are in the Waiting state */
if (rdlstate != DL_WAITING) {
- brcmf_err("Failed to DL_START\n");
+ brcmf_err("Invalid DL state: %u\n", rdlstate);
err = -EINVAL;
goto fail;
}
Can you improve the error message as suggested.
Regards,
Arend
> Fixes: 71bb244ba2fd ("brcm80211: fmac: add USB support for bcm43235/6/8 chipsets")
> Cc: stable@vger.kernel.org # v3.4+
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> ---
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-04-14 9:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-14 7:20 [PATCH RESEND] brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Wentao Liang
2025-04-14 9:44 ` Arend van Spriel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox