bus: mhi: host: Avoid possible uninitialized fw_load_type

quic-jhugo · Jeff Hugo · commit acf3256160bd · 2025-02-21T10:29:28.000-07:00
If mhi_fw_load_handler() bails out early because the EE is not capable of loading firmware, we may reference fw_load_type in cleanup which is uninitialized at this point. The cleanup code checks fw_load_type as a proxy for knowing if fbc_image was allocated and needs to be freed, but we can directly test for that. This avoids the possible uninitialized access and appears to be clearer code. Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Closes: https://lore.kernel.org/all/e3148ac4-7bb8-422d-ae0f-18a8eb15e269@stanley.mountain/ Fixes: f88f1d0 ("bus: mhi: host: Add a policy to enable image transfer via BHIe in PBL") Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com> Acked-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org> Reviewed-by: Carl Vanderlip <quic_carlv@quicinc.com> Signed-off-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250214162109.3555300-1-quic_jhugo@quicinc.com
diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c
@@ -608,7 +608,7 @@ void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl)
 	return;
 
 error_ready_state:
-	if (fw_load_type == MHI_FW_LOAD_FBC) {
+	if (mhi_cntrl->fbc_image) {
 		mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image);
 		mhi_cntrl->fbc_image = NULL;
 	}

Original file line number	Diff line number	Diff line change
`@@ -608,7 +608,7 @@ void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl)`
`608`	`608`	`return;`
`609`	`609`
`610`	`610`	`error_ready_state:`
`611`		`- if (fw_load_type == MHI_FW_LOAD_FBC) {`
	`611`	`+ if (mhi_cntrl->fbc_image) {`
`612`	`612`	`mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image);`
`613`	`613`	`mhi_cntrl->fbc_image = NULL;`
`614`	`614`	`}`