ath10k: sanitize tx ring index access properly

author Michal Kazior <michal.kazior@tieto.com>

Mon, 14 Jul 2014 13:25:25 +0000 (16:25 +0300)

committer Kalle Valo <kvalo@qca.qualcomm.com>

Tue, 15 Jul 2014 08:19:45 +0000 (11:19 +0300)
author Michal Kazior <michal.kazior@tieto.com>
Mon, 14 Jul 2014 13:25:25 +0000 (16:25 +0300)
committer Kalle Valo <kvalo@qca.qualcomm.com>
Tue, 15 Jul 2014 08:19:45 +0000 (11:19 +0300)
diff --git a/drivers/net/wireless/ath/ath10k/ce.c b/drivers/net/wireless/ath/ath10k/ce.c

index d185dc0cd12b2f739535a6bc6fe77020b0764133..4333107ecf37b8325c55f31569361a9b537dddc6 100644 (file)
--- a/drivers/net/wireless/ath/ath10k/ce.c
+++ b/drivers/net/wireless/ath/ath10k/ce.c
@@ -603,16 +603,19 @@ static int ath10k_ce_completed_send_next_nolock(struct ath10k_ce_pipe *ce_state,
                 if (ret)
                         return ret;
  
-               src_ring->hw_index =
-                       ath10k_ce_src_ring_read_index_get(ar, ctrl_addr);
-               src_ring->hw_index &= nentries_mask;
+               read_index = ath10k_ce_src_ring_read_index_get(ar, ctrl_addr);
+               if (read_index == 0xffffffff)
+                       return -ENODEV;
+
+               read_index &= nentries_mask;
+               src_ring->hw_index = read_index;
  
                 ath10k_pci_sleep(ar);
         }
  
         read_index = src_ring->hw_index;
  
-       if ((read_index == sw_index) || (read_index == 0xffffffff))
+       if (read_index == sw_index)
                 return -EIO;
  
         sbase = src_ring->shadow_base;
author	Michal Kazior <michal.kazior@tieto.com>
	Mon, 14 Jul 2014 13:25:25 +0000 (16:25 +0300)
committer	Kalle Valo <kvalo@qca.qualcomm.com>
	Tue, 15 Jul 2014 08:19:45 +0000 (11:19 +0300)