On Wed, Oct 27, 2021 at 11:22:39AM -0700, Brian Norris wrote:

On Wed, Oct 27, 2021 at 1:12 AM Johan Hovold [off-list ref] wrote:

quoted

--- a/drivers/net/wireless/marvell/mwifiex/usb.c
+++ b/drivers/net/wireless/marvell/mwifiex/usb.c

@@ -505,6 +505,22 @@ static int mwifiex_usb_probe(struct usb_interface *intf,
                }
        }

+       switch (card->usb_boot_state) {
+       case USB8XXX_FW_DNLD:
+               /* Reject broken descriptors. */
+               if (!card->rx_cmd_ep || !card->tx_cmd_ep)
+                       return -ENODEV;

^^ These two conditions are applicable to USB8XXX_FW_READY too, right?

Right, but I didn't want to add an incomplete set of constraints.

I couldn't find any documentation (e.g. lsusb -v) for what the
descriptors are supposed to look like, but judging from the code,
something like

	if (!card->rx_cmd_ep || !card->tx_cmd_ep)
		return -ENODEV;
	if (!card->rx_data_ep || !card->port[0].tx_data_ep)
		return -ENODEV;

should do. But I'm not sure about the second tx endpoint,
card->port[1].tx_data_ep, for which support was added later and which
the driver appears to be able to manage without.

Either way it has nothing to do with the division-by-zero and should be
added separately.

quoted

+               if (card->bulk_out_maxpktsize == 0)
+                       return -ENODEV;
+               break;
+       case USB8XXX_FW_READY:
+               /* Assume the driver can handle missing endpoints for now. */
+               break;
+       default:
+               WARN_ON(1);
+               return -ENODEV;
+       }

Johan