Re: [PATCH v2 3/3] mwifiex: fix division by zero in fw download path
From: Johan Hovold
Date: Thu Oct 28 2021 - 03:21:12 EST
On Wed, Oct 27, 2021 at 11:22:39AM -0700, Brian Norris wrote:
> On Wed, Oct 27, 2021 at 1:12 AM Johan Hovold <johan@xxxxxxxxxx> wrote:
> > --- a/drivers/net/wireless/marvell/mwifiex/usb.c
> > +++ b/drivers/net/wireless/marvell/mwifiex/usb.c
> > @@ -505,6 +505,22 @@ static int mwifiex_usb_probe(struct usb_interface *intf,
> > }
> > }
> >
> > + switch (card->usb_boot_state) {
> > + case USB8XXX_FW_DNLD:
> > + /* Reject broken descriptors. */
> > + if (!card->rx_cmd_ep || !card->tx_cmd_ep)
> > + return -ENODEV;
>
> ^^ These two conditions are applicable to USB8XXX_FW_READY too, right?
Right, but I didn't want to add an incomplete set of constraints.
I couldn't find any documentation (e.g. lsusb -v) for what the
descriptors are supposed to look like, but judging from the code,
something like
if (!card->rx_cmd_ep || !card->tx_cmd_ep)
return -ENODEV;
if (!card->rx_data_ep || !card->port[0].tx_data_ep)
return -ENODEV;
should do. But I'm not sure about the second tx endpoint,
card->port[1].tx_data_ep, for which support was added later and which
the driver appears to be able to manage without.
Either way it has nothing to do with the division-by-zero and should be
added separately.
> > + if (card->bulk_out_maxpktsize == 0)
> > + return -ENODEV;
> > + break;
> > + case USB8XXX_FW_READY:
> > + /* Assume the driver can handle missing endpoints for now. */
> > + break;
> > + default:
> > + WARN_ON(1);
> > + return -ENODEV;
> > + }
Johan