From: Jeffrey Hugo Date: Fri, 14 Feb 2025 16:21:09 +0000 (-0700) Subject: bus: mhi: host: Avoid possible uninitialized fw_load_type X-Git-Tag: v6.15-rc1~120^2~14^2~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=acf3256160bdabcb5c07032f3bf6eb5a21f5b95f;p=thirdparty%2Fkernel%2Flinux.git bus: mhi: host: Avoid possible uninitialized fw_load_type If mhi_fw_load_handler() bails out early because the EE is not capable of loading firmware, we may reference fw_load_type in cleanup which is uninitialized at this point. The cleanup code checks fw_load_type as a proxy for knowing if fbc_image was allocated and needs to be freed, but we can directly test for that. This avoids the possible uninitialized access and appears to be clearer code. Reported-by: Dan Carpenter Closes: https://lore.kernel.org/all/e3148ac4-7bb8-422d-ae0f-18a8eb15e269@stanley.mountain/ Fixes: f88f1d0998ea ("bus: mhi: host: Add a policy to enable image transfer via BHIe in PBL") Signed-off-by: Jeffrey Hugo Acked-by: Manivannan Sadhasivam Reviewed-by: Carl Vanderlip Signed-off-by: Jeff Hugo Link: https://patchwork.freedesktop.org/patch/msgid/20250214162109.3555300-1-quic_jhugo@quicinc.com --- diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c index c8e48f621a8c6..efa3b6dddf4d2 100644 --- a/drivers/bus/mhi/host/boot.c +++ b/drivers/bus/mhi/host/boot.c @@ -608,7 +608,7 @@ fw_load_ready_state: return; error_ready_state: - if (fw_load_type == MHI_FW_LOAD_FBC) { + if (mhi_cntrl->fbc_image) { mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image); mhi_cntrl->fbc_image = NULL; }
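Review bot: At error_ready_state, the new `if (mhi_cntrl->fbc_image)` test is only correct if fbc_image is guaranteed to be NULL whenever no BHIe table is currently allocated, and that invariant is not documented in this hunk. With the old `fw_load_type == MHI_FW_LOAD_FBC` check, a pointer left over from an earlier load could not be freed on a non-FBC path. Now any non-NULL value reaching this label is passed to mhi_free_bhie_table(), including on the early bail-out the commit message describes. The reset to NULL after the free here is good. Please confirm that every other place that frees fbc_image also clears it and that the controller struct starts zeroed, so a stale pointer cannot cause a double free. A one-line comment above the check stating that fbc_image is non-NULL only while the table is allocated would make the reliance explicit.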