bus: mhi: host: Avoid possible uninitialized fw_load_type

If mhi_fw_load_handler() bails out early because the EE is not capable
of loading firmware, we may reference fw_load_type in cleanup which is
uninitialized at this point. The cleanup code checks fw_load_type as a
proxy for knowing if fbc_image was allocated and needs to be freed, but
we can directly test for that. This avoids the possible uninitialized
access and appears to be clearer code.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/e3148ac4-7bb8-422d-ae0f-18a8eb15e269@stanley.mountain/
Fixes: f88f1d0998ea ("bus: mhi: host: Add a policy to enable image transfer via BHIe in PBL")
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Acked-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Reviewed-by: Carl Vanderlip <quic_carlv@quicinc.com>
Signed-off-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250214162109.3555300-1-quic_jhugo@quicinc.com

diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c
index c8e48f621a8c66f4c282fab0fee605d9d4f9b98c..efa3b6dddf4d2f937535243bd8e8ed32109150a4 100644 (file)
--- a/drivers/bus/mhi/host/boot.c
+++ b/drivers/bus/mhi/host/boot.c
@@ -608,7 +608,7 @@ fw_load_ready_state:
        return;
 
 error_ready_state:
-       if (fw_load_type == MHI_FW_LOAD_FBC) {
+       if (mhi_cntrl->fbc_image) {
                mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image);
                mhi_cntrl->fbc_image = NULL;
        }