[PATCH 2/2] ath10k: sanitize tx ring index access properly
Kalle Valo
kvalo at qca.qualcomm.com
Mon Jul 14 06:20:08 PDT 2014
Michal Kazior <michal.kazior at tieto.com> writes:
> The tx ring index was immediately trimmed with a
> bitmask. This discarded the 0xFFFFFFFF error case
> (which theoretically can happen when a device is
> abruptly disconnected) and led to using an invalid
> tx ring index. This could lead to memory
> corruption.
>
> Signed-off-by: Michal Kazior <michal.kazior at tieto.com>
> ---
> drivers/net/wireless/ath/ath10k/ce.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/wireless/ath/ath10k/ce.c b/drivers/net/wireless/ath/ath10k/ce.c
> index d185dc0..7c6c7d5 100644
> --- a/drivers/net/wireless/ath/ath10k/ce.c
> +++ b/drivers/net/wireless/ath/ath10k/ce.c
> @@ -603,16 +603,19 @@ static int ath10k_ce_completed_send_next_nolock(struct ath10k_ce_pipe *ce_state,
> if (ret)
> return ret;
>
> - src_ring->hw_index =
> - ath10k_ce_src_ring_read_index_get(ar, ctrl_addr);
> - src_ring->hw_index &= nentries_mask;
> + read_index = ath10k_ce_src_ring_read_index_get(ar, ctrl_addr);
> + if (read_index == 0xFFFFFFFF)
> + return -ENODEV;
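Review bot: The `if (read_index == 0xFFFFFFFF)` check compares against a bare magic value with no comment, so a reader of ce.c cannot tell that all-ones is the error value read back when the device is abruptly disconnected, which only the commit message explains. Suggest a one-line comment above the check, or a named constant, that says so. The quoted hunk also ends before showing where `read_index` is stored, so please confirm that the lines that follow still apply `& nentries_mask` before assigning `src_ring->hw_index`, and that `read_index` is declared as an unsigned 32-bit type so the comparison behaves as intended.
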
I changed this to lower case, as it was before. Let's use lower case hex
values in ath10k.
--
Kalle Valo