From: Mohammed Shafi Shajakhan Date: Tue, 4 Sep 2012 14:03:32 +0000 (+0530) Subject: ath9k_hw: Fix invalid MCI GPM index access/caching X-Git-Tag: firefly_0821_release~3680^2~1949^2~30^2~154 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=90be994cd0d70fbe4a97b144806db6cfa497392c;p=firefly-linux-kernel-4.4.55.git ath9k_hw: Fix invalid MCI GPM index access/caching There is a possibility that AR_MCI_GPM_1 register can return 0xdeadbeef and this results in caching of invalid GPM index in ar9003_mci_is_gpm_valid. Ensure we have appropriate checks to avoid this. Cc: xijin luo Signed-off-by: Mohammed Shafi Shajakhan Signed-off-by: John W. Linville --- diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mci.c b/drivers/net/wireless/ath/ath9k/ar9003_mci.c index ff53091ea6df..ea49d6198d86 100644 --- a/drivers/net/wireless/ath/ath9k/ar9003_mci.c +++ b/drivers/net/wireless/ath/ath9k/ar9003_mci.c @@ -1321,6 +1321,10 @@ u32 ar9003_mci_get_next_gpm_offset(struct ath_hw *ah, bool first, u32 *more) if (first) { gpm_ptr = MS(REG_READ(ah, AR_MCI_GPM_1), AR_MCI_GPM_WRITE_PTR); + + if (gpm_ptr >= mci->gpm_len) + gpm_ptr = 0; + mci->gpm_idx = gpm_ptr; return gpm_ptr; } @@ -1365,6 +1369,10 @@ u32 ar9003_mci_get_next_gpm_offset(struct ath_hw *ah, bool first, u32 *more) more_gpm = MCI_GPM_NOMORE; temp_index = mci->gpm_idx; + + if (temp_index >= mci->gpm_len) + temp_index = 0; + mci->gpm_idx++; if (mci->gpm_idx >= mci->gpm_len)