| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Feb 2018 16:45:25 -0800
From: Bjorn Andersson <bjorn.andersson@...aro.org>
To: Andy Gross <andy.gross@...aro.org>,
David Brown <david.brown@...aro.org>
Cc: Will Newton <will.newton@...il.com>, linux-arm-msm@...r.kernel.org,
linux-soc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] soc: qcom: wcnss_ctrl: Fix increment in NV upload
hdr.len includes both the size of the header and the fragment, so using
this when stepping through the firmware causes us to skip 16 bytes every
chunk of 3072 bytes; causing only the first fragment to actually be
valid data.
Instead use fragment size steps through the firmware blob.
Fixes: ea7a1f275cf0 ("soc: qcom: Introduce WCNSS_CTRL SMD client")
Reported-by: Will Newton <will.newton@...il.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@...aro.org>
---
It's worth noting that the firmware does not complain about the broken NV blob
nor does fixing this seem to alter the behavior of BT or WLAN - perhaps because
the WLAN driver uploads the NV blob as well?
drivers/soc/qcom/wcnss_ctrl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/soc/qcom/wcnss_ctrl.c b/drivers/soc/qcom/wcnss_ctrl.c
index e968559b0fc4..5429c91440b1 100644
--- a/drivers/soc/qcom/wcnss_ctrl.c
+++ b/drivers/soc/qcom/wcnss_ctrl.c
@@ -249,7 +249,7 @@ static int wcnss_download_nv(struct wcnss_ctrl *wcnss, bool *expect_cbc)
/* Increment for next fragment */
req->seq++;
- data += req->hdr.len;
+ data += NV_FRAGMENT_SIZE;
left -= NV_FRAGMENT_SIZE;
} while (left > 0);
--
2.16.2
Powered by blists - more mailing lists