From c7a7525815f30b0ca9d4245d2cef6c6e3d33f0a2 Mon Sep 17 00:00:00 2001
From: Weiguo Hu
Date: Thu, 12 Nov 2020 14:32:31 +0800
Subject: [PATCH] net: wireless: rockchip_wlan: realtek wifi: avoid illegal argument when called by ioctl SIOCDEVPRIVATE read
Illegal argument will cause following kernel panic.
Call trace:
phy_RFSerialRead_8723B
PHY_QueryRFReg_8723B
rtw_hal_read_rfreg
rtw_wx_read_rf
_rtw_ioctl_wext_private
rtw_ioctl
dev_ifsioc
dev_ioctl
CNVD-C-2020-259506
Signed-off-by: Weiguo Hu
Change-Id: I27e7a453a0156371fb96c764df99e8a77dce87fa
---
 .../rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c | 9 ++++++---
 .../rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c | 9 ++++++---
 .../rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c | 9 +++++++--
 .../rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c | 9 ++++++---
 .../rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c | 9 ++++++---
 .../rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c | 11 ++++++++---
 .../rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c | 9 ++++++---
 .../rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c | 9 ++++++---
 8 files changed, 51 insertions(+), 23 deletions(-)
diff --git a/drivers/net/wireless/rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c
index 137e3dd9dbea..efd730a06f94 100644
--- a/drivers/net/wireless/rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c
+++ b/drivers/net/wireless/rockchip_wlan/rtl8188eu/hal/rtl8188e/rtl8188e_phycfg.c
@@ -571,9 +571,6 @@ phy_RFSerialWrite(
 BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath];
 u32 NewOffset;
- if (eRFPath >= MAX_RF_PATH)
- return;
-
 #if 0
 /* We should check valid regs for RF_6052 case. */
 if (pHalData->RFChipID == RF_8225 && Offset > 0x24) /* 36 valid regs */
@@ -645,6 +642,9 @@ PHY_QueryRFReg8188E(
 /* u8 RFWaitCounter = 0; */
 /* _irqL irqL; */
+ if (eRFPath >= MAX_RF_PATH)
+ return 0;
+
 #if (DISABLE_BB_RF == 1)
 return 0;
 #endif
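Review bot: In PHY_QueryRFReg8188E (rtl8188eu) the new guard returns 0 for an out-of-range eRFPath, which a caller cannot tell apart from a register that really reads back as zero; the same holds for the PHY_QueryRFReg_* hunks in the other seven files. Per the call trace in the commit message the value arrives through the private wext ioctl (rtw_wx_read_rf), so the range check would be better made there as well, where the request can fail with an error such as -EINVAL instead of reporting a fabricated reading. If the silent return stays, a comment on the guard would record why it is there, e.g. `/* eRFPath indexes PHYRegDef[] and may come from the private ioctl; reject out-of-range paths */`. The function starts and continues outside the hunk, so the declared type of eRFPath is not visible; if it is a signed type, negative values would pass `>= MAX_RF_PATH` and need their own check.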
@@ -707,6 +707,9 @@ PHY_SetRFReg8188E(
 u32 Original_Value, BitShift;
 /* _irqL irqL; */
+ if (eRFPath >= MAX_RF_PATH)
+ return;
+
 #if (DISABLE_BB_RF == 1)
 return;
 #endif
diff --git a/drivers/net/wireless/rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c
index 122e63062688..60e17f8dcf2c 100644
--- a/drivers/net/wireless/rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c
+++ b/drivers/net/wireless/rockchip_wlan/rtl8188fu/hal/rtl8188f/rtl8188f_phycfg.c
@@ -339,9 +339,6 @@ phy_RFSerialWrite_8188F(
 BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath];
 u32 NewOffset;
- if (eRFPath >= MAX_RF_PATH)
- return;
-
 Offset &= 0xff;
 /* */
@@ -395,6 +392,9 @@ PHY_QueryRFReg_8188F(
 {
 u32 Original_Value, Readback_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return 0;
+
 #if (DISABLE_BB_RF == 1)
 return 0;
 #endif
@@ -436,6 +436,9 @@ PHY_SetRFReg_8188F(
 {
 u32 Original_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return;
+
 #if (DISABLE_BB_RF == 1)
 return;
 #endif
diff --git a/drivers/net/wireless/rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c
index e3751b359141..24791dc47f11 100644
--- a/drivers/net/wireless/rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c
+++ b/drivers/net/wireless/rockchip_wlan/rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c
@@ -582,8 +582,6 @@ phy_RFSerialWrite(
 BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath];
 u32 NewOffset;
- if (eRFPath >= MAX_RF_PATH)
- return;
 #if 0
 // We should check valid regs for RF_6052 case.
@@ -656,6 +654,9 @@ PHY_QueryRFReg8188E(
 //u8 RFWaitCounter = 0;
 //_irqL irqL;
+ if (eRFPath >= MAX_RF_PATH)
+ return 0;
+
 #if (DISABLE_BB_RF == 1)
 return 0;
 #endif
@@ -720,6 +721,10 @@ PHY_SetRFReg8188E(
 //u1Byte RFWaitCounter = 0;
 u32 Original_Value, BitShift;
 //_irqL irqL;
+
+ if (eRFPath > MAX_RF_PATH)
+ return;
+
 #if (DISABLE_BB_RF == 1)
 return;
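Review bot: phy_RFSerialWrite loses its only range check in this commit, so the guard added in PHY_SetRFReg8188E (rtl8188eu) becomes the sole bound on eRFPath before `&pHalData->PHYRegDef[eRFPath]` is formed; the same trade is made in all eight files. Callers of the helper are not visible in these hunks, so unless PHY_SetRFReg* is confirmed to be its only entry point I would keep the helper's check as a backstop. The removed check sat after the pPhyReg initializer; if restored it belongs ahead of the indexing: declare `BB_REGISTER_DEFINITION_T *pPhyReg;`, then `if (eRFPath >= MAX_RF_PATH) return;`, then `pPhyReg = &pHalData->PHYRegDef[eRFPath];`.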
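Review bot: The guard added to PHY_SetRFReg8188E in rtl8189es/hal/rtl8188e/rtl8188e_phycfg.c uses `>` where every other hunk in this patch uses `>=`, so eRFPath == MAX_RF_PATH is accepted. The commit also removes the `>=` check from phy_RFSerialWrite in the same file, which indexes `pHalData->PHYRegDef[eRFPath]`; assuming that array has MAX_RF_PATH elements (its declaration is not in the hunk), the write path can now reach one element past its end. The line should read `if (eRFPath >= MAX_RF_PATH)`. The hunk ends before the function does.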
diff --git a/drivers/net/wireless/rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c
index de5993adf008..8dec955edd96 100644
--- a/drivers/net/wireless/rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c
+++ b/drivers/net/wireless/rockchip_wlan/rtl8189fs/hal/rtl8188f/rtl8188f_phycfg.c
@@ -277,9 +277,6 @@ phy_RFSerialWrite_8188F(
 BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath];
 u32 NewOffset;
- if (eRFPath >= MAX_RF_PATH)
- return;
-
 Offset &= 0xff;
 /* */
@@ -333,6 +330,9 @@ PHY_QueryRFReg_8188F(
 {
 u32 Original_Value, Readback_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return 0;
+
 #if (DISABLE_BB_RF == 1)
 return 0;
 #endif
@@ -374,6 +374,9 @@ PHY_SetRFReg_8188F(
 {
 u32 Original_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return;
+
 #if (DISABLE_BB_RF == 1)
 return;
 #endif
diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c
index dd2495ef0dd5..90c1a974011a 100644
--- a/drivers/net/wireless/rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c
+++ b/drivers/net/wireless/rockchip_wlan/rtl8723bs/hal/rtl8723b/rtl8723b_phycfg.c
@@ -333,9 +333,6 @@ phy_RFSerialWrite_8723B(
 BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath];
 u32 NewOffset;
- if (eRFPath >= MAX_RF_PATH)
- return;
-
 Offset &= 0xff;
 /* */
@@ -389,6 +386,9 @@ PHY_QueryRFReg_8723B(
 {
 u32 Original_Value, Readback_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return 0;
+
 #if (DISABLE_BB_RF == 1)
 return 0;
 #endif
@@ -430,6 +430,9 @@ PHY_SetRFReg_8723B(
 {
 u32 Original_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return;
+
 #if (DISABLE_BB_RF == 1)
 return;
 #endif
diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c
index f5279806031a..87767e2494a3 100755
--- a/drivers/net/wireless/rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c
+++ b/drivers/net/wireless/rockchip_wlan/rtl8723bu/hal/rtl8723b/rtl8723b_phycfg.c
@@ -345,9 +345,6 @@ phy_RFSerialWrite_8723B(
 BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath];
 u32 NewOffset;
- if (eRFPath >= MAX_RF_PATH)
- return;
-
 Offset &= 0xff;
@@ -402,6 +399,10 @@ PHY_QueryRFReg_8723B(
 {
 u32 Original_Value, Readback_Value, BitShift;
+
+ if (eRFPath >= MAX_RF_PATH)
+ return 0;
+
 #if (DISABLE_BB_RF == 1)
 return 0;
 #endif
@@ -443,6 +444,10 @@ PHY_SetRFReg_8723B(
 {
 u32 Original_Value, BitShift;
+
+ if (eRFPath >= MAX_RF_PATH)
+ return;
+
 #if (DISABLE_BB_RF == 1)
 return;
 #endif
diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c
index 98c3886042bc..cf5390f3d4ec 100644
--- a/drivers/net/wireless/rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c
+++ b/drivers/net/wireless/rockchip_wlan/rtl8723cs/hal/rtl8703b/rtl8703b_phycfg.c
@@ -277,9 +277,6 @@ phy_RFSerialWrite_8703B(
 BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath];
 u32 NewOffset;
- if (eRFPath >= MAX_RF_PATH)
- return;
-
 Offset &= 0xff;
 /* */
@@ -333,6 +330,9 @@ PHY_QueryRFReg_8703B(
 {
 u32 Original_Value, Readback_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return 0;
+
 #if (DISABLE_BB_RF == 1)
 return 0;
 #endif
@@ -374,6 +374,9 @@ PHY_SetRFReg_8703B(
 {
 u32 Original_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return;
+
 #if (DISABLE_BB_RF == 1)
 return;
 #endif
diff --git a/drivers/net/wireless/rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c b/drivers/net/wireless/rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c
index fd93b09a64d4..e6fb6144395d 100644
--- a/drivers/net/wireless/rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c
+++ b/drivers/net/wireless/rockchip_wlan/rtl8723ds/hal/rtl8723d/rtl8723d_phycfg.c
@@ -278,9 +278,6 @@ phy_RFSerialWrite_8723D(
 BB_REGISTER_DEFINITION_T *pPhyReg = &pHalData->PHYRegDef[eRFPath];
 u32 NewOffset;
- if (eRFPath >= MAX_RF_PATH)
- return;
-
 Offset &= 0xff;
 /* */
@@ -334,6 +331,9 @@ PHY_QueryRFReg_8723D(
 {
 u32 Original_Value, Readback_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return 0;
+
 #if (DISABLE_BB_RF == 1)
 return 0;
 #endif
@@ -375,6 +375,9 @@ PHY_SetRFReg_8723D(
 {
 u32 Original_Value, BitShift;
+ if (eRFPath >= MAX_RF_PATH)
+ return;
+
 #if (DISABLE_BB_RF == 1)
 return;
 #endif