Commit b9c5e272 authored by Pavel Skripkin's avatar Pavel Skripkin Committed by Greg Kroah-Hartman

staging: r8188eu: add error handling of rtw_read32



rtw_read32() reads data from device via USB API which may fail. In case
of any failure previous code returned stack data to callers, which is
wrong.

Fix it by changing the rtw_read32() prototype and preventing callers from
touching random stack data.

Signed-off-by: default avatarPavel Skripkin <paskripkin@gmail.com>
Link: https://lore.kernel.org/r/583c3d21c46066275e4fc8da5ba4fd0e3679335b.1654629778.git.paskripkin@gmail.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent fed9e604
+13 −2
@@ -898,8 +898,12 @@ static void traffic_status_watchdog(struct adapter *padapter)
static void rtl8188e_sreset_xmit_status_check(struct adapter *padapter)
{
	u32 txdma_status;
	int res;

	res = rtw_read32(padapter, REG_TXDMA_STATUS, &txdma_status);
	if (res)
		return;

	txdma_status = rtw_read32(padapter, REG_TXDMA_STATUS);
	if (txdma_status != 0x00)
		rtw_write32(padapter, REG_TXDMA_STATUS, txdma_status);
	/* total xmit irp = 4 */
@@ -1177,7 +1181,14 @@ u8 rtw_ps_cmd(struct adapter *padapter)

static bool rtw_is_hi_queue_empty(struct adapter *adapter)
{
	return (rtw_read32(adapter, REG_HGQ_INFORMATION) & 0x0000ff00) == 0;
	int res;
	u32 reg;

	res = rtw_read32(adapter, REG_HGQ_INFORMATION, &reg);
	if (res)
		return false;

	return (reg & 0x0000ff00) == 0;
}

static void rtw_chk_hi_queue_hdl(struct adapter *padapter)
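Review bot: `rtw_is_hi_queue_empty()` now answers `false` when `rtw_read32()` fails, so a failed USB read reaches callers as "queue not empty"; `lps_rf_on()` in a later file section folds a read error into `false` the same way. The callers are outside these hunks, so this is inferred, but any caller that polls on the result would keep waiting on a device that has stopped responding until its own timeout expires. If that is the intended fallback, a comment above `return false;` such as `/* read failed: report not-empty and let the caller's timeout decide */` would record it. Otherwise the helper needs a way to report the error separately from the queue state.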
+14 −6
@@ -46,11 +46,17 @@ ReadEFuseByte(
	rtw_write8(Adapter, EFUSE_CTRL + 3, (readbyte & 0x7f));

	/* Check bit 32 read-ready */
	retry = 0;
	value32 = rtw_read32(Adapter, EFUSE_CTRL);
	while (!(((value32 >> 24) & 0xff) & 0x80)  && (retry < 10000)) {
		value32 = rtw_read32(Adapter, EFUSE_CTRL);
		retry++;
	res = rtw_read32(Adapter, EFUSE_CTRL, &value32);
	if (res)
		return;

	for (retry = 0; retry < 10000; retry++) {
		res = rtw_read32(Adapter, EFUSE_CTRL, &value32);
		if (res)
			continue;

		if (((value32 >> 24) & 0xff) & 0x80)
			break;
	}

	/*  20100205 Joseph: Add delay suggested by SD1 Victor. */
@@ -58,7 +64,9 @@ ReadEFuseByte(
	/*  Designer says that there shall be some delay after ready bit is set, or the */
	/*  result will always stay on last data we read. */
	udelay(50);
	value32 = rtw_read32(Adapter, EFUSE_CTRL);
	res = rtw_read32(Adapter, EFUSE_CTRL, &value32);
	if (res)
		return;

	*pbuf = (u8)(value32 & 0xff);
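Review bot: Both early `return;` paths added after `rtw_read32(Adapter, EFUSE_CTRL, &value32)` leave `*pbuf` unwritten, and the bare `return;` suggests the function returns nothing. A caller then cannot tell a failed read from a good one and may use whatever its buffer held before the call, which moves the stale-data problem this commit describes from `value32` to the caller's byte. The signature of `ReadEFuseByte` is outside the hunk; either have it return `res`, or store a documented fallback before bailing out, for example `if (res) { *pbuf = 0xff; return; }` if callers treat that value as "no data" (to be confirmed). Separately, the `for` loop falls through after 10000 iterations without recording whether the ready bit was ever seen, so a timeout is also silent.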

+12 −4
@@ -194,10 +194,14 @@ static int fw_free_to_go(struct adapter *padapter)
{
	u32	counter = 0;
	u32	value32;
	int res;

	/*  polling CheckSum report */
	do {
		value32 = rtw_read32(padapter, REG_MCUFWDL);
		res = rtw_read32(padapter, REG_MCUFWDL, &value32);
		if (res)
			continue;

		if (value32 & FWDL_CHKSUM_RPT)
			break;
	} while (counter++ < POLLING_READY_TIMEOUT_COUNT);
@@ -205,7 +209,10 @@ static int fw_free_to_go(struct adapter *padapter)
	if (counter >= POLLING_READY_TIMEOUT_COUNT)
		return _FAIL;

	value32 = rtw_read32(padapter, REG_MCUFWDL);
	res = rtw_read32(padapter, REG_MCUFWDL, &value32);
	if (res)
		return _FAIL;

	value32 |= MCUFWDL_RDY;
	value32 &= ~WINTINI_RDY;
	rtw_write32(padapter, REG_MCUFWDL, value32);
@@ -215,9 +222,10 @@ static int fw_free_to_go(struct adapter *padapter)
	/*  polling for FW ready */
	counter = 0;
	do {
		value32 = rtw_read32(padapter, REG_MCUFWDL);
		if (value32 & WINTINI_RDY)
		res = rtw_read32(padapter, REG_MCUFWDL, &value32);
		if (!res && value32 & WINTINI_RDY)
			return _SUCCESS;

		udelay(5);
	} while (counter++ < POLLING_READY_TIMEOUT_COUNT);
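Review bot: In the second polling loop, `if (!res && value32 & WINTINI_RDY)` relies on `&` binding tighter than `&&`; writing it as `if (!res && (value32 & WINTINI_RDY))` makes the intent explicit. The first loop handles a failed read with `if (res) continue;` and the second with a combined condition, so using one form in both would make the function easier to audit. In both loops the error code is dropped and a persistently failing read is retried for the full `POLLING_READY_TIMEOUT_COUNT`; a comment saying that this is deliberate would help. The body of `fw_free_to_go()` starts and ends outside these hunks.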

+12 −2
@@ -6000,6 +6000,7 @@ static void mlme_join(struct adapter *adapter, int type)
{
	struct mlme_priv *mlmepriv = &adapter->mlmepriv;
	u8 retry_limit = 0x30, reg;
	u32 reg32;
	int res;

	switch (type) {
@@ -6008,8 +6009,12 @@ static void mlme_join(struct adapter *adapter, int type)
		/* enable to rx data frame, accept all data frame */
		rtw_write16(adapter, REG_RXFLTMAP2, 0xFFFF);

		res = rtw_read32(adapter, REG_RCR, &reg32);
		if (res)
			return;

		rtw_write32(adapter, REG_RCR,
			    rtw_read32(adapter, REG_RCR) | RCR_CBSSID_DATA | RCR_CBSSID_BCN);
			    reg32 | RCR_CBSSID_DATA | RCR_CBSSID_BCN);

		if (check_fwstate(mlmepriv, WIFI_STATION_STATE)) {
			retry_limit = 48;
@@ -6822,9 +6827,14 @@ static u8 chk_ap_is_alive(struct sta_info *psta)

static int rtl8188e_sreset_linked_status_check(struct adapter *padapter)
{
	u32 rx_dma_status =  rtw_read32(padapter, REG_RXDMA_STATUS);
	u32 rx_dma_status;
	int res;
	u8 reg;

	res = rtw_read32(padapter, REG_RXDMA_STATUS, &rx_dma_status);
	if (res)
		return res;

	if (rx_dma_status != 0x00)
		rtw_write32(padapter, REG_RXDMA_STATUS, rx_dma_status);
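Review bot: In `mlme_join()`, the new `rtw_read32(adapter, REG_RCR, &reg32)` check sits after `rtw_write16(adapter, REG_RXFLTMAP2, 0xFFFF);`, so a failed read returns with `REG_RXFLTMAP2` already written while `REG_RCR` and the rest of the case are left unchanged. The function is `void`, so the caller is not told that the join setup stopped halfway. Moving `res = rtw_read32(adapter, REG_RCR, &reg32);` and its `if (res) return;` above the `rtw_write16()` call would leave the registers untouched on failure. The rest of the `switch` is outside the hunk, so check that nothing later depends on the current ordering.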

+8 −1
@@ -229,6 +229,9 @@ void rtw_set_ps_mode(struct adapter *padapter, u8 ps_mode, u8 smart_ps, u8 bcn_a

static bool lps_rf_on(struct adapter *adapter)
{
	int res;
	u32 reg;

	/* When we halt NIC, we should check if FW LPS is leave. */
	if (adapter->pwrctrlpriv.rf_pwrstate == rf_off) {
		/*  If it is in HW/SW Radio OFF or IPS state, we do not check Fw LPS Leave, */
@@ -236,7 +239,11 @@ static bool lps_rf_on(struct adapter *adapter)
		return true;
	}

	if (rtw_read32(adapter, REG_RCR) & 0x00070000)
	res = rtw_read32(adapter, REG_RCR, &reg);
	if (res)
		return false;

	if (reg & 0x00070000)
		return false;

	return true;