ath10k: prevent debugfs mmio access crash kernel

It was possible to force an out of bounds MMIO
read/write via debugfs. E.g. on QCA988X this could
be triggered with:

 echo 0x2080e0 | tee /sys/kernel/debug/ieee80211/*/ath10k/reg_addr
 cat /sys/kernel/debug/ieee80211/*/ath10k/reg_value

 BUG: unable to handle kernel paging request at ffffc90001e080e0
 IP: [<ffffffff8135c860>] ioread32+0x40/0x50
 ...
 Call Trace:
  [<ffffffffa00d0c7f>] ? ath10k_pci_read32+0x4f/0x70 [ath10k_pci]
  [<ffffffffa0080f50>] ath10k_reg_value_read+0x90/0xf0 [ath10k_core]
  [<ffffffff8115c2c1>] ? handle_mm_fault+0xa91/0x1050
  [<ffffffff81189758>] __vfs_read+0x28/0xe0
  [<ffffffff812e4694>] ? security_file_permission+0x84/0xa0
  [<ffffffff81189ce3>] ? rw_verify_area+0x53/0x100
  [<ffffffff81189e1a>] vfs_read+0x8a/0x140
  [<ffffffff8118acb9>] SyS_read+0x49/0xb0
  [<ffffffff8104e39c>] ? trace_do_page_fault+0x3c/0xc0
  [<ffffffff8196596e>] system_call_fastpath+0x12/0x71

Reported-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>

1 files changed, 1 insertions, 0 deletions

diff --git a/drivers/net/wireless/ath/ath10k/pci.h b/drivers/net/wireless/ath/ath10k/pci.h
index d7696ddc03c4..eea0a0170b00 100644
--- a/drivers/net/wireless/ath/ath10k/pci.h
+++ b/drivers/net/wireless/ath/ath10k/pci.h
@@ -162,6 +162,7 @@ struct ath10k_pci {
 	struct device *dev;
 	struct ath10k *ar;
 	void __iomem *mem;
+	size_t mem_len;
 
 	/*
 	 * Number of MSI interrupts granted, 0 --> using legacy PCI line