From: Rafał Miłecki <[email protected]> While experimenting with firmware loading I ended up in a state of firmware reporting shared RAM address 0x04000001. It was causing: [ 94.448015] Unable to handle kernel paging request at virtual address cd680001 due to reading out of the mapped memory.
This patch adds some basic validation to avoid kernel crashes due to the unexpected firmware behavior. Signed-off-by: Rafał Miłecki <[email protected]> --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c index 257f919c52cc..58a6bc379358 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c @@ -1560,6 +1560,12 @@ static int brcmf_pcie_download_fw_nvram(struct brcmf_pciedev_info *devinfo, brcmf_err(bus, "FW failed to initialize\n"); return -ENODEV; } + if (sharedram_addr < devinfo->ci->rambase || + sharedram_addr >= devinfo->ci->rambase + devinfo->ci->ramsize) { + brcmf_err(bus, "Invalid shared RAM address 0x%08x\n", + sharedram_addr); + return -ENODEV; + } brcmf_dbg(PCIE, "Shared RAM addr: 0x%08x\n", sharedram_addr); return (brcmf_pcie_init_share_ram_info(devinfo, sharedram_addr)); -- 2.20.1
