netdev.vger.kernel.org archive mirror
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Colin Ian King <colin.king@canonical.com>,
	Stanislaw Gruszka <stf_xl@wp.pl>,
	Kalle Valo <kvalo@codeaurora.org>,
	Sasha Levin <sashal@kernel.org>,
	linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 411/459] iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
Date: Fri, 14 Feb 2020 11:01:01 -0500
Message-ID: <20200214160149.11681-411-sashal@kernel.org>
In-Reply-To: <20200214160149.11681-1-sashal@kernel.org>

From: Colin Ian King <colin.king@canonical.com>

[ Upstream commit c2f9a4e4a5abfc84c01b738496b3fd2d471e0b18 ]

The loop counter addr is a u16 whereas the upper limit of the loop
is an int. In the unlikely event that the il->cfg->eeprom_size is
greater than 64K then we end up with an infinite loop since addr will
wrap around and never reach the upper loop limit. Fix this by making addr
an int.

Addresses-Coverity: ("Infinite loop")
Fixes: be663ab67077 ("iwlwifi: split the drivers for agn and legacy devices 3945/4965")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Stanislaw Gruszka <stf_xl@wp.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlegacy/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/intel/iwlegacy/common.c b/drivers/net/wireless/intel/iwlegacy/common.c
index 73f7bbf742bc6..746749f379964 100644
--- a/drivers/net/wireless/intel/iwlegacy/common.c
+++ b/drivers/net/wireless/intel/iwlegacy/common.c
@@ -699,7 +699,7 @@ il_eeprom_init(struct il_priv *il)
 	u32 gp = _il_rd(il, CSR_EEPROM_GP);
 	int sz;
 	int ret;
-	u16 addr;
+	int addr;
 
 	/* allocate eeprom */
 	sz = il->cfg->eeprom_size;
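
Review bot: at `int addr;`, widening the counter removes the wrap, but the loop that uses addr is outside this hunk's context, so each use there needs checking for reliance on the old 16-bit width (for example a value shifted into a register field or used to compute a buffer index); offsets above 0xFFFF would now reach those uses untruncated instead of wrapping. Since the commit message treats an eeprom_size above 64K as unlikely, consider also rejecting such a size right after `sz = il->cfg->eeprom_size;` so that a bad configuration fails early rather than merely letting the loop terminate. Declaring the counter `int` to match `int sz` keeps the loop comparison same-signed, which is fine as it stands.
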
-- 
2.20.1

