From ce05a9f39607623362aea9147c3dfab7a9f94ccb Mon Sep 17 00:00:00 2001 From: Alex Elder Date: Thu, 10 Jun 2021 14:23:02 -0500 Subject: [PATCH] net: ipa: clean up header memory validation Do some general cleanup in ipa_cmd_header_valid(): - Delay assigning the mem variable until just before it's used. - Assign the maximum offset and size values together. - Improve comments explaining the single range of memory being made up of a modem portion and an AP portion. - Record the offset of the combined range in a local variable. - Do the initial size assignment right after assigning the offset. Signed-off-by: Alex Elder Signed-off-by: David S. Miller --- drivers/net/ipa/ipa_cmd.c | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/drivers/net/ipa/ipa_cmd.c b/drivers/net/ipa/ipa_cmd.c index 525cdf2..3e5f10d 100644 --- a/drivers/net/ipa/ipa_cmd.c +++ b/drivers/net/ipa/ipa_cmd.c @@ -200,41 +200,53 @@ bool ipa_cmd_table_valid(struct ipa *ipa, const struct ipa_mem *mem, /* Validate the memory region that holds headers */ static bool ipa_cmd_header_valid(struct ipa *ipa) { - const struct ipa_mem *mem = &ipa->mem[IPA_MEM_MODEM_HEADER]; struct device *dev = &ipa->pdev->dev; + const struct ipa_mem *mem; u32 offset_max; u32 size_max; + u32 offset; u32 size; - /* In ipa_cmd_hdr_init_local_add() we record the offset and size - * of the header table memory area. Make sure the offset and size - * fit in the fields that need to hold them, and that the entire - * range is within the overall IPA memory range. + /* In ipa_cmd_hdr_init_local_add() we record the offset and size of + * the header table memory area in an immediate command. Make sure + * the offset and size fit in the fields that need to hold them, and + * that the entire range is within the overall IPA memory range. */ offset_max = field_max(HDR_INIT_LOCAL_FLAGS_HDR_ADDR_FMASK); - if (mem->offset > offset_max || - ipa->mem_offset > offset_max - mem->offset) { + size_max = field_max(HDR_INIT_LOCAL_FLAGS_TABLE_SIZE_FMASK); + + /* The header memory area contains both the modem and AP header + * regions. The modem portion defines the address of the region. + */ + mem = &ipa->mem[IPA_MEM_MODEM_HEADER]; + offset = mem->offset; + size = mem->size; + + /* Make sure the offset fits in the IPA command */ + if (offset > offset_max || ipa->mem_offset > offset_max - offset) { dev_err(dev, "header table region offset too large\n"); dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", - ipa->mem_offset, mem->offset, offset_max); + ipa->mem_offset, offset, offset_max); return false; } - size_max = field_max(HDR_INIT_LOCAL_FLAGS_TABLE_SIZE_FMASK); - size = ipa->mem[IPA_MEM_MODEM_HEADER].size; + /* Add the size of the AP portion to the combined size */ size += ipa->mem[IPA_MEM_AP_HEADER].size; + /* Make sure the combined size fits in the IPA command */ if (size > size_max) { dev_err(dev, "header table region size too large\n"); dev_err(dev, " (0x%04x > 0x%08x)\n", size, size_max); return false; } - if (size > ipa->mem_size || mem->offset > ipa->mem_size - size) { + + /* Make sure the entire combined area fits in IPA memory */ + if (size > ipa->mem_size || offset > ipa->mem_size - size) { dev_err(dev, "header table region out of range\n"); dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", - mem->offset, size, ipa->mem_size); + offset, size, ipa->mem_size); return false; } -- 2.7.4