From: gregory.greenman@intel.com
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org,
Johannes Berg <johannes.berg@intel.com>,
Gregory Greenman <gregory.greenman@intel.com>
Subject: [PATCH 14/15] wifi: iwlwifi: mvm: check firmware response size
Date: Mon, 17 Apr 2023 11:41:33 +0300 [thread overview]
Message-ID: <20230417113648.0d56fcaf68ee.I70e9571f3ed7263929b04f8fabad23c9b999e4ea@changeid> (raw)
In-Reply-To: <20230417084134.1338976-1-gregory.greenman@intel.com>
From: Johannes Berg <johannes.berg@intel.com>
Check the firmware response size for responses to the
memory read/write command in debugfs before using it.
Fixes: 2b55f43f8e47 ("iwlwifi: mvm: Add mem debugfs entry")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
---
drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
index affaed4d13fa..84a488538427 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
@@ -1961,6 +1961,11 @@ static ssize_t iwl_dbgfs_mem_read(struct file *file, char __user *user_buf,
if (ret < 0)
return ret;
+ if (iwl_rx_packet_payload_len(hcmd.resp_pkt) < sizeof(*rsp)) {
+ ret = -EIO;
+ goto out;
+ }
+
rsp = (void *)hcmd.resp_pkt->data;
if (le32_to_cpu(rsp->status) != DEBUG_MEM_STATUS_SUCCESS) {
ret = -ENXIO;
@@ -2037,6 +2042,11 @@ static ssize_t iwl_dbgfs_mem_write(struct file *file,
if (ret < 0)
return ret;
+ if (iwl_rx_packet_payload_len(hcmd.resp_pkt) < sizeof(*rsp)) {
+ ret = -EIO;
+ goto out;
+ }
+
rsp = (void *)hcmd.resp_pkt->data;
if (rsp->status != DEBUG_MEM_STATUS_SUCCESS) {
ret = -ENXIO;
--
2.38.1
next prev parent reply other threads:[~2023-04-17 8:42 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-17 8:41 [PATCH 00/15] wifi: iwlwifi: updates intended for v6.4 2023-04-17 gregory.greenman
2023-04-17 8:41 ` [PATCH 01/15] wifi: iwlwifi: mvm: adopt the latest firmware API gregory.greenman
2023-04-17 8:41 ` [PATCH 02/15] wifi: iwlwifi: mvm: update mac id management gregory.greenman
2023-04-17 8:41 ` [PATCH 03/15] wifi: iwlwifi: mvm: use BSSID when building probe requests gregory.greenman
2023-04-17 8:41 ` [PATCH 04/15] wifi: iwlwifi: mvm: allow NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT gregory.greenman
2023-04-17 8:41 ` [PATCH 05/15] wifi: iwlwifi: mvm: remove per-STA MFP setting gregory.greenman
2023-04-17 8:41 ` [PATCH 06/15] wifi: iwlwifi: mvm: fix iwl_mvm_sta_rc_update for MLO gregory.greenman
2023-04-17 8:41 ` [PATCH 07/15] wifi: iwlwifi: mvm: only clients can be 20MHz-only gregory.greenman
2023-04-17 8:41 ` [PATCH 08/15] wifi: iwlwifi: mvm: rs-fw: properly access sband->iftype_data gregory.greenman
2023-04-17 8:41 ` [PATCH 09/15] wifi: iwlwifi: mvm: initialize per-link STA ratescale data gregory.greenman
2023-04-17 8:41 ` [PATCH 10/15] wifi: iwlwifi: mvm: remove RS rate init update argument gregory.greenman
2023-04-17 8:41 ` [PATCH 11/15] wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO gregory.greenman
2023-04-17 8:41 ` [PATCH 12/15] wifi: iwlwifi: mvm: configure TLC on link activation gregory.greenman
2023-04-17 8:41 ` [PATCH 13/15] wifi: iwlwifi: mvm: add MLO support to SF - use sta pointer gregory.greenman
2023-04-17 8:41 ` gregory.greenman [this message]
2023-04-17 8:41 ` [PATCH 15/15] wifi: iwlwifi: bump FW API to 78 for AX devices gregory.greenman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230417113648.0d56fcaf68ee.I70e9571f3ed7263929b04f8fabad23c9b999e4ea@changeid \
--to=gregory.greenman@intel.com \
--cc=johannes.berg@intel.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.