diff options
| author | Kumar Amit Mehta <gmate.amit@gmail.com> | 2013-02-18 06:37:44 -0500 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2013-02-18 15:30:40 -0500 |
| commit | 488ec878034eccb852267b0e27ce9d511f75c587 (patch) | |
| tree | 4626543a0b094b82e5d5fc34c9eb14f96fc2a76b /drivers | |
| parent | bc6b89237acb3dee6af6e64e51a18255fef89cc2 (diff) | |
net: wireless: orinoco: orinoco_usb.c: fix DMA buffers on stack
This patch fixes an instance of DMA buffer on stack(being passed to
usb_control_msg) for the wireless USB version of the Agere Orinoco card driver.
It also fixes the missing audit for the return value of firmware download
routine. Found using smatch.
Signed-off-by: Kumar Amit Mehta <gmate.amit@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/net/wireless/orinoco/orinoco_usb.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/drivers/net/wireless/orinoco/orinoco_usb.c b/drivers/net/wireless/orinoco/orinoco_usb.c index 01624dcaf73e..7744f42de1ea 100644 --- a/drivers/net/wireless/orinoco/orinoco_usb.c +++ b/drivers/net/wireless/orinoco/orinoco_usb.c | |||
| @@ -804,10 +804,15 @@ static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset) | |||
| 804 | static int ezusb_firmware_download(struct ezusb_priv *upriv, | 804 | static int ezusb_firmware_download(struct ezusb_priv *upriv, |
| 805 | struct ez_usb_fw *fw) | 805 | struct ez_usb_fw *fw) |
| 806 | { | 806 | { |
| 807 | u8 fw_buffer[FW_BUF_SIZE]; | 807 | u8 *fw_buffer; |
| 808 | int retval, addr; | 808 | int retval, addr; |
| 809 | int variant_offset; | 809 | int variant_offset; |
| 810 | 810 | ||
| 811 | fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL); | ||
| 812 | if (!fw_buffer) { | ||
| 813 | printk(KERN_ERR PFX "Out of memory for firmware buffer.\n"); | ||
| 814 | return -ENOMEM; | ||
| 815 | } | ||
| 811 | /* | 816 | /* |
| 812 | * This byte is 1 and should be replaced with 0. The offset is | 817 | * This byte is 1 and should be replaced with 0. The offset is |
| 813 | * 0x10AD in version 0.0.6. The byte in question should follow | 818 | * 0x10AD in version 0.0.6. The byte in question should follow |
| @@ -859,6 +864,7 @@ static int ezusb_firmware_download(struct ezusb_priv *upriv, | |||
| 859 | printk(KERN_ERR PFX "Firmware download failed, error %d\n", | 864 | printk(KERN_ERR PFX "Firmware download failed, error %d\n", |
| 860 | retval); | 865 | retval); |
| 861 | exit: | 866 | exit: |
| 867 | kfree(fw_buffer); | ||
| 862 | return retval; | 868 | return retval; |
| 863 | } | 869 | } |
| 864 | 870 | ||
| @@ -1681,7 +1687,8 @@ static int ezusb_probe(struct usb_interface *interface, | |||
| 1681 | firmware.code = fw_entry->data; | 1687 | firmware.code = fw_entry->data; |
| 1682 | } | 1688 | } |
| 1683 | if (firmware.size && firmware.code) { | 1689 | if (firmware.size && firmware.code) { |
| 1684 | ezusb_firmware_download(upriv, &firmware); | 1690 | if (ezusb_firmware_download(upriv, &firmware)) |
| 1691 | goto error; | ||
| 1685 | } else { | 1692 | } else { |
| 1686 | err("No firmware to download"); | 1693 | err("No firmware to download"); |
| 1687 | goto error; | 1694 | goto error; |