From 103827124acdb9d13861fbdb2f0000d3af3bf497 Mon Sep 17 00:00:00 2001 From: Weiguo Hu Date: Thu, 12 Nov 2020 08:41:45 +0800 Subject: [PATCH] net: wireless: rockchip_wlan: realtek wifi: avoid illegal argument when called by ioctl SIOCDEVPRIVATE Illegal argument will cause following kernel panic. Call trace: PHY_SetRFReg_8723B rtw_hal_write_rfreg rtw_wx_write_rf _rtw_ioctl_wext_private rtw_ioctl dev_ifsioc dev_ioctl References: CNVD-C-2020-259508 Signed-off-by: Weiguo Hu Change-Id: Ia493d8276c1dd414c184a9b3eddb5d252bd85b98 --- .../rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c | 3 +++ .../rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c | 3 +++ .../rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c | 3 +++ .../rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c | 3 +++ .../rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c | 3 +++ .../rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c | 4 ++++ .../rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c | 3 +++ .../rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c | 5 ++++- 8 files changed, 26 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c index ca22e2ec82bc..137e3dd9dbea 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c @@ -571,6 +571,9 @@ phy_RFSerialWrite( BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath]; u32 NewOffset; + if (eRFPath >= MAX_RF_PATH) + return; + #if 0 /* We should check valid regs for RF_6052 case. */ if (pHalData->RFChipID == RF_8225 && Offset > 0x24) /* 36 valid regs */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c index 40fe483db327..122e63062688 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c @@ -339,6 +339,9 @@ phy_RFSerialWrite_8188F( BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath]; u32 NewOffset; + if (eRFPath >= MAX_RF_PATH) + return; + Offset &= 0xff; /* */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c index 7e74e54575f0..e3751b359141 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c @@ -581,6 +581,9 @@ phy_RFSerialWrite( HAL_DATA_TYPE *pHalData = GET_HAL_DATA(Adapter); BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath]; u32 NewOffset; + + if (eRFPath >= MAX_RF_PATH) + return; #if 0 // We should check valid regs for RF_6052 case. diff --git a/drivers/net/wireless/rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c index 662196c385ec..de5993adf008 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c @@ -277,6 +277,9 @@ phy_RFSerialWrite_8188F( BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath]; u32 NewOffset; + if (eRFPath >= MAX_RF_PATH) + return; + Offset &= 0xff; /* */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c index 3eab398d21e8..dd2495ef0dd5 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c @@ -333,6 +333,9 @@ phy_RFSerialWrite_8723B( BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath]; u32 NewOffset; + if (eRFPath >= MAX_RF_PATH) + return; + Offset &= 0xff; /* */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c index e6fcbb69896f..f5279806031a 100755 --- a/drivers/net/wireless/rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c @@ -344,6 +344,10 @@ phy_RFSerialWrite_8723B( HAL_DATA_TYPE *pHalData = GET_HAL_DATA(Adapter); BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath]; u32 NewOffset; + + if (eRFPath >= MAX_RF_PATH) + return; + Offset &= 0xff; diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c index 95e332588bc5..98c3886042bc 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c @@ -277,6 +277,9 @@ phy_RFSerialWrite_8703B( BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath]; u32 NewOffset; + if (eRFPath >= MAX_RF_PATH) + return; + Offset &= 0xff; /* */ diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c index cf425f7b051c..fd93b09a64d4 100644 --- a/drivers/net/wireless/rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c +++ b/drivers/net/wireless/rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c @@ -278,6 +278,9 @@ phy_RFSerialWrite_8723D( BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath]; u32 NewOffset; + if (eRFPath >= MAX_RF_PATH) + return; + Offset &= 0xff; /* */ @@ -1191,4 +1194,4 @@ PHY_SetSwChnlBWMode8723D( /* RTW_INFO("<==%s()\n",__FUNCTION__); */ } - \ No newline at end of file +