From: Sharvari Harisangam <sharvari@xxxxxxxxxxx>
mwifiex_pcie_fw_dump would read firmware scratch registers, to
get the size of the dump. It does a vmalloc of memory_size + 1,
read above, to save the dump. It is possible that the value read
by memory_size scratch register be invalid, i.e 0xffffffff. This
would pass an invalid size(0) to vmalloc. To fix this check for
invalid scratch register read.
Signed-off-by: Sharvari Harisangam <sharvari@xxxxxxxxxxx>
Signed-off-by: Ganapathi Bhat <gbhat@xxxxxxxxxxx>
---
drivers/net/wireless/marvell/mwifiex/pcie.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c
index fc1706d..483b521 100644
--- a/drivers/net/wireless/marvell/mwifiex/pcie.c
+++ b/drivers/net/wireless/marvell/mwifiex/pcie.c
@@ -2727,6 +2727,13 @@ static void mwifiex_pcie_fw_dump(struct mwifiex_adapter *adapter)
break;
}
+ if (memory_size == 0xffffffff) {
+ mwifiex_dbg(adapter, ERROR,
+ "Invalid dump size: 0x%x, for %s\n",
+ memory_size, entry->mem_name);
+ return;
+ }
+
mwifiex_dbg(adapter, DUMP,
"%s_SIZE=0x%x\n", entry->mem_name, memory_size);
entry->mem_ptr = vmalloc(memory_size + 1);
--
1.9.1
