mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-17 16:15:18 +00:00
wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
[ Upstream commit620d5eaeb9
] There some bounds checking to ensure that "map_addr" is not out of bounds before the start of the loop. But the checking needs to be done as we iterate through the loop because "map_addr" gets larger as we iterate. Fixes:26f1fad29a
("New driver: rtl8xxxu (mac80211)") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Jes Sorensen <Jes.Sorensen@gmail.com> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/Yv8eGLdBslLAk3Ct@kili Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
f16a9acac2
commit
ed250b2a51
1 changed files with 7 additions and 7 deletions
|
@ -1878,13 +1878,6 @@ static int rtl8xxxu_read_efuse(struct rtl8xxxu_priv *priv)
|
|||
|
||||
/* We have 8 bits to indicate validity */
|
||||
map_addr = offset * 8;
|
||||
if (map_addr >= EFUSE_MAP_LEN) {
|
||||
dev_warn(dev, "%s: Illegal map_addr (%04x), "
|
||||
"efuse corrupt!\n",
|
||||
__func__, map_addr);
|
||||
ret = -EINVAL;
|
||||
goto exit;
|
||||
}
|
||||
for (i = 0; i < EFUSE_MAX_WORD_UNIT; i++) {
|
||||
/* Check word enable condition in the section */
|
||||
if (word_mask & BIT(i)) {
|
||||
|
@ -1895,6 +1888,13 @@ static int rtl8xxxu_read_efuse(struct rtl8xxxu_priv *priv)
|
|||
ret = rtl8xxxu_read_efuse8(priv, efuse_addr++, &val8);
|
||||
if (ret)
|
||||
goto exit;
|
||||
if (map_addr >= EFUSE_MAP_LEN - 1) {
|
||||
dev_warn(dev, "%s: Illegal map_addr (%04x), "
|
||||
"efuse corrupt!\n",
|
||||
__func__, map_addr);
|
||||
ret = -EINVAL;
|
||||
goto exit;
|
||||
}
|
||||
priv->efuse_wifi.raw[map_addr++] = val8;
|
||||
|
||||
ret = rtl8xxxu_read_efuse8(priv, efuse_addr++, &val8);
|
||||
|
|
Loading…
Reference in a new issue