[ERD][RAMEN9610-20672][COMMON] chub: add the validation of ipc index

author Boojin Kim <boojin.kim@samsung.com>

Wed, 3 Jul 2019 02:39:19 +0000 (11:39 +0900)

committer robot <robot@samsung.com>

Sun, 27 Oct 2019 17:53:07 +0000 (02:53 +0900)
author Boojin Kim <boojin.kim@samsung.com>
Wed, 3 Jul 2019 02:39:19 +0000 (11:39 +0900)
committer robot <robot@samsung.com>
Sun, 27 Oct 2019 17:53:07 +0000 (02:53 +0900)
diff --git a/drivers/staging/nanohub/chub.c b/drivers/staging/nanohub/chub.c

index 7b518099936f32b8d8f4349df18969da91558718..a7d0230b061cc10c76dfd0e42042828c0dc1514e 100644 (file)
--- a/drivers/staging/nanohub/chub.c
+++ b/drivers/staging/nanohub/chub.c
@@ -1224,9 +1224,13 @@ int contexthub_download_image(struct contexthub_ipc_info *ipc, enum ipc_region r
  
  static void handle_irq(struct contexthub_ipc_info *ipc, enum irq_evt_chub evt)
  {
+       int err;
+
         switch (evt) {
         case IRQ_EVT_C2A_DEBUG:
-               contexthub_handle_debug(ipc, CHUB_ERR_NANOHUB, 1);
+               err = (ipc_read_debug_event(AP) == IPC_DEBUG_CHUB_FAULT) ? CHUB_ERR_FW_FAULT : CHUB_ERR_NANOHUB;
+               dev_err(ipc->dev, "%s: c2a_debug: debug:%d, err:%d\n", __func__, ipc_read_debug_event(AP), err);
+               contexthub_handle_debug(ipc, err, 1);
                 break;
         case IRQ_EVT_C2A_INT:
                 if (atomic_read(&ipc->irq1_apInt) == C2A_OFF) {
diff --git a/drivers/staging/nanohub/chub_ipc.c b/drivers/staging/nanohub/chub_ipc.c

index 6bcd4b45caf6798b0e86e3eba0d00309ebc6ae72..13c8f214199b9202f8dd2e735a4fdf9023b3337b 100644 (file)
--- a/drivers/staging/nanohub/chub_ipc.c
+++ b/drivers/staging/nanohub/chub_ipc.c
@@ -287,7 +287,7 @@ void *ipc_get_chub_map(void)
  
         ipc_map = ipc_addr[IPC_REG_IPC].base;
         ipc_map->logbuf.size = LOGBUF_TOTAL_SIZE;
-       strcpy(&ipc_map->magic[0], CHUB_IPC_MAGIC);
+       strncpy(&ipc_map->magic[0], CHUB_IPC_MAGIC, sizeof(CHUB_IPC_MAGIC));
  
         ipc_addr[IPC_REG_IPC_EVT_A2C].base = &ipc_map->evt[IPC_EVT_A2C].data;
         ipc_addr[IPC_REG_IPC_EVT_A2C].offset = sizeof(struct ipc_evt);
@@ -320,7 +320,7 @@ void *ipc_get_chub_map(void)
         if (!ipc_have_sensor_info(&ipc_map->sensormap)) {
                 CSP_PRINTF_INFO("%s:ipc set sensormap and magic:%p\n", __func__, &ipc_map->sensormap);
                 memset(&ipc_map->sensormap, 0, sizeof(struct sensor_map));
-               strcpy(&ipc_map->sensormap.magic[0], SENSORMAP_MAGIC);
+               strncpy(&ipc_map->sensormap.magic[0], SENSORMAP_MAGIC, sizeof(SENSORMAP_MAGIC));
         }
  #endif
  
@@ -453,6 +453,10 @@ struct ipc_evt_buf *ipc_get_evt(enum ipc_evt_list evtq)
         }
  
  retry:
+       if (ipc_evt->ctrl.dq >= IPC_EVT_NUM) {
+               CSP_PRINTF_ERROR("%s:%s: invalid dq:%d\n", NAME_PREFIX, __func__, ipc_evt->ctrl.dq);
+               return NULL;
+       }
         /* only called by isr DISABLE_IRQ(); */
         if (!__ipc_evt_queue_empty(&ipc_evt->ctrl)) {
                 cur_evt = &ipc_evt->data[ipc_evt->ctrl.dq];
@@ -532,6 +536,10 @@ int ipc_add_evt(enum ipc_evt_list evtq, enum irq_evt_chub evt)
         }
  
  retry:
+       if (ipc_evt->ctrl.eq >= IPC_EVT_NUM) {
+               CSP_PRINTF_ERROR("%s:%s: invalid eq:%d\n", NAME_PREFIX, __func__, ipc_evt->ctrl.eq);
+               return -EINVAL;
+       }
         DISABLE_IRQ(LOCK_ADD_EVT, &flag);
         if (!__ipc_evt_queue_full(&ipc_evt->ctrl)) {
                 cur_evt = &ipc_evt->data[ipc_evt->ctrl.eq];
@@ -652,6 +660,10 @@ int ipc_write_data(enum ipc_data_list dir, void *tx, u16 length)
  
         if (length <= PACKET_SIZE_MAX) {
  retry:
+               if (ipc_data->eq >= IPC_CH_BUF_NUM) {
+                       CSP_PRINTF_ERROR("%s:%s: invalid eq:%d\n", NAME_PREFIX, __func__, ipc_data->eq);
+                       return -EINVAL;
+               }
                 DISABLE_IRQ(LOCK_WT_DATA, &flag);
  
                 if (!__ipc_queue_full(ipc_data)) {
@@ -713,6 +725,11 @@ void *ipc_read_data(enum ipc_data_list dir, u32 *len)
  
         DISABLE_IRQ(LOCK_RD_DATA, NULL);
  retry:
+       if (ipc_data->dq >= IPC_CH_BUF_NUM) {
+               CSP_PRINTF_ERROR("%s:%s: invalid dq:%d\n", NAME_PREFIX, __func__, ipc_data->dq);
+               ENABLE_IRQ(LOCK_RD_DATA, NULL);
+               return NULL;
+       }
         if (!__ipc_queue_empty(ipc_data)) {
                 struct ipc_channel_buf *ipc;
  
@@ -873,6 +890,8 @@ void *ipc_logbuf_inbase(bool force)
                         struct logbuf_content *log;
                         int index;
  
+                       if (logbuf->eq >= LOGBUF_NUM || logbuf->dq >= LOGBUF_NUM)
+                               return NULL;
                         if (!trylockTryTake(&ipcLockLog))
                                 return NULL;
                         if (logbuf->full) /* logbuf is full overwirte */
@@ -1053,6 +1072,9 @@ retry:
         return 0;
  }
  
+#else
+#define ipc_logbuf_outprint(a) ((void)0, 0)
+#endif
  enum ipc_fw_loglevel ipc_logbuf_loglevel(enum ipc_fw_loglevel loglevel, int set)
  {
         if (ipc_map) {
@@ -1065,10 +1087,6 @@ enum ipc_fw_loglevel ipc_logbuf_loglevel(enum ipc_fw_loglevel loglevel, int set)
  
         return 0;
  }
-#else
-#define ipc_logbuf_outprint(a) ((void)0, 0)
-#define ipc_logbuf_loglevel(a, b) ((void)0)
-#endif
  
  void ipc_set_owner(enum ipc_owner owner, void *base, enum ipc_direction dir)
  {
author	Boojin Kim <boojin.kim@samsung.com>
	Wed, 3 Jul 2019 02:39:19 +0000 (11:39 +0900)
committer	robot <robot@samsung.com>
	Sun, 27 Oct 2019 17:53:07 +0000 (02:53 +0900)
drivers/staging/nanohub/chub.c		patch \| blob \| blame \| history
drivers/staging/nanohub/chub_ipc.c		patch \| blob \| blame \| history