On Sun, Apr 06, 2025 at 10:35:13AM +0800, Wentao Liang wrote:
The sdio_read32() calls sd_read(), but does not handle the error if sd_read() fails. This could lead to subsequent operations processing invalid data. A proper implementation can be found in sdio_readN().
Great, why not use that instead?
Add error handling for the sd_read() to free tmpbuf and return error code if sd_read() fails. This ensure that the memcpy() is only performed when the read operation is successful.
Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable@vger.kernel.org # v4.12+ Signed-off-by: Wentao Liang vulab@iscas.ac.cn
v5: Fix error code v4: Add change log and fix error code v3: Add Cc flag v2: Change code to initialize val
drivers/staging/rtl8723bs/hal/sdio_ops.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c b/drivers/staging/rtl8723bs/hal/sdio_ops.c index 21e9f1858745..d79d41727042 100644 --- a/drivers/staging/rtl8723bs/hal/sdio_ops.c +++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c @@ -185,7 +185,12 @@ static u32 sdio_read32(struct intf_hdl *intfhdl, u32 addr) return SDIO_ERR_VAL32; ftaddr &= ~(u16)0x3;
sd_read(intfhdl, ftaddr, 8, tmpbuf);
err = sd_read(intfhdl, ftaddr, 8, tmpbuf);if (err) {kfree(tmpbuf);return SDIO_ERR_VAL32;
Why isn't the error that you get from the lower levels being returned here instead? Throwing that away feels wrong, don't you think?
thanks,
greg k-h