pcmcia cis: on an out of range CIS read return 0xff, don't just warn
authorAlan Cox <alan@linux.intel.com>
Wed, 10 Dec 2014 15:06:10 +0000 (15:06 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 12 Jan 2015 13:04:12 +0000 (05:04 -0800)
The current code displays warnings but then proceeds to try and reference
the data through the PCMCIA window. Instead return 0xff. This prevents bogus
CIS data sending us off into hyperspace.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/pcmcia/cistpl.c

index 884a984216febe247dee1bdcad69d47d1cd1adf2..4ff725ca2c74e8884461cac564cb4ba86693bcc1 100644 (file)
@@ -168,9 +168,12 @@ int pcmcia_read_cis_mem(struct pcmcia_socket *s, int attr, u_int addr,
        } else {
                u_int inc = 1, card_offset, flags;
 
-               if (addr > CISTPL_MAX_CIS_SIZE)
+               if (addr > CISTPL_MAX_CIS_SIZE) {
                        dev_dbg(&s->dev,
                                "attempt to read CIS mem at addr %#x", addr);
+                       memset(ptr, 0xff, len);
+                       return -1;
+               }
 
                flags = MAP_ACTIVE | ((cis_width) ? MAP_16BIT : 0);
                if (attr) {