diff options
author | Alex Elder <elder@linaro.org> | 2018-06-25 19:58:52 -0500 |
---|---|---|
committer | Andy Gross <andy.gross@linaro.org> | 2018-09-13 16:57:04 -0500 |
commit | 190b216c1535ca5af8db5c81e86d2192c4204b51 (patch) | |
tree | 913a6dea89e0b239c9f6c3285456402a3adfff97 /drivers/soc/qcom/smem.c | |
parent | ada79289735fea37e755bbefc4403c989e66f4b1 (diff) | |
download | lwn-190b216c1535ca5af8db5c81e86d2192c4204b51.tar.gz lwn-190b216c1535ca5af8db5c81e86d2192c4204b51.zip |
soc: qcom: smem: verify partition header size
Add verification in qcom_smem_partition_header() that the size in a
partition's header structure matches the size in its partition table
entry.
Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Diffstat (limited to 'drivers/soc/qcom/smem.c')
-rw-r--r-- | drivers/soc/qcom/smem.c | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/drivers/soc/qcom/smem.c b/drivers/soc/qcom/smem.c index eb530a6770c1..efaeec4a0395 100644 --- a/drivers/soc/qcom/smem.c +++ b/drivers/soc/qcom/smem.c @@ -733,6 +733,7 @@ qcom_smem_partition_header(struct qcom_smem *smem, struct smem_ptable_entry *entry) { struct smem_partition_header *header; + u32 size; header = smem->regions[0].virt_base + le32_to_cpu(entry->offset); @@ -743,6 +744,13 @@ qcom_smem_partition_header(struct qcom_smem *smem, return NULL; } + size = le32_to_cpu(header->size); + if (size != le32_to_cpu(entry->size)) { + dev_err(smem->dev, "bad partition size (%u != %u)\n", + size, le32_to_cpu(entry->size)); + return NULL; + } + return header; } @@ -796,11 +804,6 @@ static int qcom_smem_set_global_partition(struct qcom_smem *smem) return -EINVAL; } - if (le32_to_cpu(header->size) != le32_to_cpu(entry->size)) { - dev_err(smem->dev, "Global partition has invalid size\n"); - return -EINVAL; - } - size = le32_to_cpu(header->offset_free_uncached); if (size > le32_to_cpu(header->size)) { dev_err(smem->dev, @@ -871,12 +874,6 @@ static int qcom_smem_enumerate_partitions(struct qcom_smem *smem, return -EINVAL; } - if (le32_to_cpu(header->size) != le32_to_cpu(entry->size)) { - dev_err(smem->dev, - "Partition %d has invalid size\n", i); - return -EINVAL; - } - if (le32_to_cpu(header->offset_free_uncached) > le32_to_cpu(header->size)) { dev_err(smem->dev, "Partition %d has invalid free pointer\n", i); |