Commit 488ec878 authored by Kumar Amit Mehta's avatar Kumar Amit Mehta Committed by John W. Linville

net: wireless: orinoco: orinoco_usb.c: fix DMA buffers on stack

This patch fixes an instance of DMA buffer on stack(being passed to
usb_control_msg) for the wireless USB version of the Agere Orinoco card driver.
It also fixes the missing audit for the return value of firmware download
routine. Found using smatch.
Signed-off-by: default avatarKumar Amit Mehta <gmate.amit@gmail.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent bc6b8923
...@@ -804,10 +804,15 @@ static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset) ...@@ -804,10 +804,15 @@ static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
static int ezusb_firmware_download(struct ezusb_priv *upriv, static int ezusb_firmware_download(struct ezusb_priv *upriv,
struct ez_usb_fw *fw) struct ez_usb_fw *fw)
{ {
u8 fw_buffer[FW_BUF_SIZE]; u8 *fw_buffer;
int retval, addr; int retval, addr;
int variant_offset; int variant_offset;
fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
if (!fw_buffer) {
printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
return -ENOMEM;
}
/* /*
* This byte is 1 and should be replaced with 0. The offset is * This byte is 1 and should be replaced with 0. The offset is
* 0x10AD in version 0.0.6. The byte in question should follow * 0x10AD in version 0.0.6. The byte in question should follow
...@@ -859,6 +864,7 @@ static int ezusb_firmware_download(struct ezusb_priv *upriv, ...@@ -859,6 +864,7 @@ static int ezusb_firmware_download(struct ezusb_priv *upriv,
printk(KERN_ERR PFX "Firmware download failed, error %d\n", printk(KERN_ERR PFX "Firmware download failed, error %d\n",
retval); retval);
exit: exit:
kfree(fw_buffer);
return retval; return retval;
} }
...@@ -1681,7 +1687,8 @@ static int ezusb_probe(struct usb_interface *interface, ...@@ -1681,7 +1687,8 @@ static int ezusb_probe(struct usb_interface *interface,
firmware.code = fw_entry->data; firmware.code = fw_entry->data;
} }
if (firmware.size && firmware.code) { if (firmware.size && firmware.code) {
ezusb_firmware_download(upriv, &firmware); if (ezusb_firmware_download(upriv, &firmware))
goto error;
} else { } else {
err("No firmware to download"); err("No firmware to download");
goto error; goto error;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment