The sdio_read32() calls sd_read(), but does not handle the error if sd_read() fails. This could lead to subsequent operations processing invalid data. A proper implementation can be found in sdio_readN().
Add error handling for the sd_read() to free tmpbuf and return error code if sd_read() fails. This ensures that the memcpy() is only performed when the read operation is successful.
Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable@vger.kernel.org # v4.12+ Signed-off-by: Wentao Liang vulab@iscas.ac.cn --- v4: Add change log and fix error code v3: Add Cc flag v2: Change code to initialize val
drivers/staging/rtl8723bs/hal/sdio_ops.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c b/drivers/staging/rtl8723bs/hal/sdio_ops.c
index 21e9f1858745..045153991986 100644
--- a/drivers/staging/rtl8723bs/hal/sdio_ops.c
+++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c
@@ -185,7 +185,12 @@ static u32 sdio_read32(struct intf_hdl *intfhdl, u32 addr)
 return SDIO_ERR_VAL32;
 ftaddr &= ~(u16)0x3;
- sd_read(intfhdl, ftaddr, 8, tmpbuf);
+ err = sd_read(intfhdl, ftaddr, 8, tmpbuf);
+ if (err) {
+ kfree(tmpbuf)
+ return SDIO_ERR_VAL32;
+ }
+
 memcpy(&le_tmp, tmpbuf + shift, 4);
 val = le32_to_cpu(le_tmp);
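Review bot: The new `if (err)` guard covers only the unaligned sd_read() path, while the early branch of sdio_read32() still ignores its read result. That branch is outside this hunk but appears in the function listing further down the page: `err = sd_cmd52_read(intfhdl, ftaddr, 4, (u8 *)&le_tmp);` is followed directly by `return le32_to_cpu(le_tmp);`. le_tmp is declared without an initialiser, so a failed CMD52 read would presumably hand stale stack contents back to the caller as the register value, the same class of problem this hunk closes for tmpbuf. A matching `if (err) return SDIO_ERR_VAL32;` before that return would make the two paths consistent. Since SDIO_ERR_VAL32 is an in-band u32, a short comment on the new return such as `/* callers cannot tell this from a register that reads SDIO_ERR_VAL32 */` would also record that limitation.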
On Sun, Apr 06, 2025 at 12:05:46AM +0800, Wentao Liang wrote:
The sdio_read32() calls sd_read(), but does not handle the error if sd_read() fails. This could lead to subsequent operations processing invalid data. A proper implementation can be found in sdio_readN().
Add error handling for the sd_read() to free tmpbuf and return error code if sd_read() fails. This ensure that the memcpy() is only performed when the read operation is successful.
Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable@vger.kernel.org # v4.12+ Signed-off-by: Wentao Liang vulab@iscas.ac.cn
v4: Add change log and fix error code v3: Add Cc flag v2: Change code to initialize val
Thanks!
Reviewed-by: Dan Carpenter dan.carpenter@linaro.org
regards, dan carpenter
Hi Wentao,
kernel test robot noticed the following build errors:
[auto build test ERROR on staging/staging-testing]
url: https://github.com/intel-lab-lkp/linux/commits/Wentao-Liang/staging-rtl8723b... base: staging/staging-testing patch link: https://lore.kernel.org/r/20250405160546.2639-1-vulab%40iscas.ac.cn patch subject: [PATCH v4] staging: rtl8723bs: Add error handling for sd_read() config: arm64-randconfig-001-20250406 (https://download.01.org/0day-ci/archive/20250406/202504060905.XvK4ueHM-lkp@i...) compiler: clang version 21.0.0git (https://github.com/llvm/llvm-project 92c93f5286b9ff33f27ff694d2dc33da1c07afdd) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250406/202504060905.XvK4ueHM-lkp@i...)
If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot lkp@intel.com | Closes: https://lore.kernel.org/oe-kbuild-all/202504060905.XvK4ueHM-lkp@intel.com/
All errors (new ones prefixed by >>):
drivers/staging/rtl8723bs/hal/sdio_ops.c:190:17: error: expected ';' after expression
190 | kfree(tmpbuf) | ^ | ; 1 error generated.
vim +190 drivers/staging/rtl8723bs/hal/sdio_ops.c
150 151 static u32 sdio_read32(struct intf_hdl *intfhdl, u32 addr) 152 { 153 struct adapter *adapter; 154 u8 mac_pwr_ctrl_on; 155 u8 device_id; 156 u16 offset; 157 u32 ftaddr; 158 u8 shift; 159 u32 val; 160 s32 __maybe_unused err; 161 __le32 le_tmp; 162 163 adapter = intfhdl->padapter; 164 ftaddr = _cvrt2ftaddr(addr, &device_id, &offset); 165 166 rtw_hal_get_hwreg(adapter, HW_VAR_APFM_ON_MAC, &mac_pwr_ctrl_on); 167 if ( 168 ((device_id == WLAN_IOREG_DEVICE_ID) && (offset < 0x100)) || 169 (!mac_pwr_ctrl_on) || 170 (adapter_to_pwrctl(adapter)->fw_current_in_ps_mode) 171 ) { 172 err = sd_cmd52_read(intfhdl, ftaddr, 4, (u8 *)&le_tmp); 173 return le32_to_cpu(le_tmp); 174 } 175 176 /* 4 bytes alignment */ 177 shift = ftaddr & 0x3; 178 if (shift == 0) { 179 val = sd_read32(intfhdl, ftaddr, NULL); 180 } else { 181 u8 *tmpbuf; 182 183 tmpbuf = rtw_malloc(8); 184 if (!tmpbuf) 185 return SDIO_ERR_VAL32; 186 187 ftaddr &= ~(u16)0x3; 188 err = sd_read(intfhdl, ftaddr, 8, tmpbuf); 189 if (err) {
190 kfree(tmpbuf)
191 return SDIO_ERR_VAL32; 192 } 193 194 memcpy(&le_tmp, tmpbuf + shift, 4); 195 val = le32_to_cpu(le_tmp); 196 197 kfree(tmpbuf); 198 } 199 return val; 200 } 201
linux-stable-mirror@lists.linaro.org