[PATCH] nfc: s3fwrn5: replace the assertion with a WARN_ON

[PATCH] nfc: s3fwrn5: replace the assertion with a WARN_ON

[Aditya Pakki]

In s3fwrn5_fw_recv_frame, if fw_info->rsp is not empty, the
current code causes a crash via BUG_ON. However, s3fwrn5_fw_send_msg
does not crash in such a scenario. The patch replaces the BUG_ON
by returning the error to the callers.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
---
 drivers/nfc/s3fwrn5/firmware.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/nfc/s3fwrn5/firmware.c b/drivers/nfc/s3fwrn5/firmware.c
index be110d9cef02..cdc7d45237d2 100644
--- a/drivers/nfc/s3fwrn5/firmware.c
+++ b/drivers/nfc/s3fwrn5/firmware.c
@@ -507,7 +507,8 @@ int s3fwrn5_fw_recv_frame(struct nci_dev *ndev, struct sk_buff *skb)
 	struct s3fwrn5_info *info = nci_get_drvdata(ndev);
 	struct s3fwrn5_fw_info *fw_info = &info->fw_info;
 
-	BUG_ON(fw_info->rsp);
+	if (WARN_ON(fw_info->rsp))
+		return -EINVAL;
 
 	fw_info->rsp = skb;
 
-- 
2.20.1

Re: [PATCH] nfc: s3fwrn5: replace the assertion with a WARN_ON

[David Miller]

From: Aditya Pakki <pakki001@umn.edu>
Date: Sun, 15 Dec 2019 13:01:29 -0600

> @@ -507,7 +507,8 @@ int s3fwrn5_fw_recv_frame(struct nci_dev *ndev, struct sk_buff *skb)
>  	struct s3fwrn5_info *info = nci_get_drvdata(ndev);
>  	struct s3fwrn5_fw_info *fw_info = &info->fw_info;
>  
> -	BUG_ON(fw_info->rsp);
> +	if (WARN_ON(fw_info->rsp))
> +		return -EINVAL;
>  
>  	fw_info->rsp = skb;

This leaks "skb" and you can even see that this might be the case
purely by looking at the context of the patch.