projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ada7928)
soc: qcom: smem: verify partition header size
authorAlex Elder <elder@linaro.org>
Tue, 26 Jun 2018 00:58:52 +0000 (19:58 -0500)
committerAndy Gross <andy.gross@linaro.org>
Thu, 13 Sep 2018 21:57:04 +0000 (16:57 -0500)
Add verification in qcom_smem_partition_header() that the size in a
partition's header structure matches the size in its partition table
entry.

Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
drivers/soc/qcom/smem.c patch | blob | history

diff --git a/drivers/soc/qcom/smem.c b/drivers/soc/qcom/smem.c
index eb530a6..efaeec4 100644 (file)
--- a/drivers/soc/qcom/smem.c
+++ b/drivers/soc/qcom/smem.c
@@ -733,6 +733,7 @@ qcom_smem_partition_header(struct qcom_smem *smem,
                struct smem_ptable_entry *entry)
 {
        struct smem_partition_header *header;
+       u32 size;
 
        header = smem->regions[0].virt_base + le32_to_cpu(entry->offset);
 
@@ -743,6 +744,13 @@ qcom_smem_partition_header(struct qcom_smem *smem,
                return NULL;
        }
 
+       size = le32_to_cpu(header->size);
+       if (size != le32_to_cpu(entry->size)) {
+               dev_err(smem->dev, "bad partition size (%u != %u)\n",
+                       size, le32_to_cpu(entry->size));
+               return NULL;
+       }
+
        return header;
 }
 
@@ -796,11 +804,6 @@ static int qcom_smem_set_global_partition(struct qcom_smem *smem)
                return -EINVAL;
        }
 
-       if (le32_to_cpu(header->size) != le32_to_cpu(entry->size)) {
-               dev_err(smem->dev, "Global partition has invalid size\n");
-               return -EINVAL;
-       }
-
        size = le32_to_cpu(header->offset_free_uncached);
        if (size > le32_to_cpu(header->size)) {
                dev_err(smem->dev,
@@ -871,12 +874,6 @@ static int qcom_smem_enumerate_partitions(struct qcom_smem *smem,
                        return -EINVAL;
                }
 
-               if (le32_to_cpu(header->size) != le32_to_cpu(entry->size)) {
-                       dev_err(smem->dev,
-                               "Partition %d has invalid size\n", i);
-                       return -EINVAL;
-               }
-
                if (le32_to_cpu(header->offset_free_uncached) > le32_to_cpu(header->size)) {
                        dev_err(smem->dev,
                                "Partition %d has invalid free pointer\n", i);
Domain: System / Kernel;