--- /dev/null
+From e0a8ef4d7b4315bc4c1641fb3f3a7dfdfa6627b8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Wed, 20 Feb 2019 11:30:47 +0100
+Subject: [PATCH] brcmfmac: add basic validation of shared RAM address
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+While experimenting with firmware loading I ended up in a state of
+firmware reporting shared RAM address 0x04000001. It was causing:
+[ 94.448015] Unable to handle kernel paging request at virtual address cd680001
+due to reading out of the mapped memory.
+
+This patch adds some basic validation to avoid kernel crashes due to the
+unexpected firmware behavior.
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+@@ -1560,6 +1560,12 @@ static int brcmf_pcie_download_fw_nvram(
+ brcmf_err(bus, "FW failed to initialize\n");
+ return -ENODEV;
+ }
++ if (sharedram_addr < devinfo->ci->rambase ||
++ sharedram_addr >= devinfo->ci->rambase + devinfo->ci->ramsize) {
++ brcmf_err(bus, "Invalid shared RAM address 0x%08x\n",
++ sharedram_addr);
++ return -ENODEV;
++ }
+ brcmf_dbg(PCIE, "Shared RAM addr: 0x%08x\n", sharedram_addr);
+
+ return (brcmf_pcie_init_share_ram_info(devinfo, sharedram_addr));
projects / openwrt / openwrt.git / blobdiff