Add verification in qcom_smem_partition_header() that the size in a
partition's header structure matches the size in its partition table
entry.

Signed-off-by: Alex Elder <el...@linaro.org>
---
 drivers/soc/qcom/smem.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/drivers/soc/qcom/smem.c b/drivers/soc/qcom/smem.c
index 516a17d340af..95d218d3a595 100644
--- a/drivers/soc/qcom/smem.c
+++ b/drivers/soc/qcom/smem.c
@@ -737,6 +737,7 @@ qcom_smem_partition_header(struct qcom_smem *smem,
                struct smem_ptable_entry *entry)
 {
        struct smem_partition_header *header;
+       u32 size;
 
        header = smem->regions[0].virt_base + le32_to_cpu(entry->offset);
 
@@ -747,6 +748,13 @@ qcom_smem_partition_header(struct qcom_smem *smem,
                return NULL;
        }
 
+       size = le32_to_cpu(header->size);
+       if (size != le32_to_cpu(entry->size)) {
+               dev_err(smem->dev, "bad partition size (%u != %u)\n",
+                       size, le32_to_cpu(entry->size));
+               return NULL;
+       }
+
        return header;
 }
 
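Review bot: The check added at `if (size != le32_to_cpu(entry->size))` only shows that two values read from shared memory agree with each other; nothing in the visible lines compares either of them, or `entry->offset`, against the extent of `regions[0]`, and `header` is already derived from `entry->offset` before any validation. If no bound is applied in the lines between this hunk and the previous one (not shown), a test such as `if ((u64)le32_to_cpu(entry->offset) + size > smem->regions[0].size) return NULL;` belongs next to the new check. The validated `size` is also discarded on return, so the callers fetch it from shared memory again: `if (size > le32_to_cpu(header->size))` in qcom_smem_set_global_partition and the free-pointer test in qcom_smem_enumerate_partitions. Assuming the remote side can write to this region, the value those callers read may differ from the one checked here, so they would be safer comparing against a copy taken once. The new message also drops the partition index that the removed "Partition %d has invalid size" carried; including `le32_to_cpu(entry->offset)` in the `dev_err()` would keep rejected entries identifiable in logs.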
@@ -795,11 +803,6 @@ static int qcom_smem_set_global_partition(struct qcom_smem 
*smem)
                return -EINVAL;
        }
 
-       if (le32_to_cpu(header->size) != le32_to_cpu(entry->size)) {
-               dev_err(smem->dev, "Global partition has invalid size\n");
-               return -EINVAL;
-       }
-
        size = le32_to_cpu(header->offset_free_uncached);
        if (size > le32_to_cpu(header->size)) {
                dev_err(smem->dev,
@@ -870,12 +873,6 @@ static int qcom_smem_enumerate_partitions(struct qcom_smem 
*smem,
                        return -EINVAL;
                }
 
-               if (le32_to_cpu(header->size) != le32_to_cpu(entry->size)) {
-                       dev_err(smem->dev,
-                               "Partition %d has invalid size\n", i);
-                       return -EINVAL;
-               }
-
                if (le32_to_cpu(header->offset_free_uncached) > 
le32_to_cpu(header->size)) {
                        dev_err(smem->dev,
                                "Partition %d has invalid free pointer\n", i);
-- 
2.17.1
