From: Boojin Kim Date: Wed, 3 Jul 2019 02:39:19 +0000 (+0900) Subject: [ERD][RAMEN9610-20672][COMMON] chub: add the validation of ipc index X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=6af9f3469705f153cf5c4b20c42f99ed1507e5b3;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [ERD][RAMEN9610-20672][COMMON] chub: add the validation of ipc index Change-Id: I621610545307bbc3fc1286fa2ff9efbcd55f8da7 Signed-off-by: Boojin Kim
---
diff --git a/drivers/staging/nanohub/chub.c b/drivers/staging/nanohub/chub.c
index 7b518099936f..a7d0230b061c 100644
--- a/drivers/staging/nanohub/chub.c
+++ b/drivers/staging/nanohub/chub.c
@@ -1224,9 +1224,13 @@ int contexthub_download_image(struct contexthub_ipc_info *ipc, enum ipc_region r
 static void handle_irq(struct contexthub_ipc_info *ipc, enum irq_evt_chub evt) {
+ int err;
+
 switch (evt) {
 case IRQ_EVT_C2A_DEBUG:
- contexthub_handle_debug(ipc, CHUB_ERR_NANOHUB, 1);
+ err = (ipc_read_debug_event(AP) == IPC_DEBUG_CHUB_FAULT) ? CHUB_ERR_FW_FAULT : CHUB_ERR_NANOHUB;
+ dev_err(ipc->dev, "%s: c2a_debug: debug:%d, err:%d\n", __func__, ipc_read_debug_event(AP), err);
+ contexthub_handle_debug(ipc, err, 1);
 break;
 case IRQ_EVT_C2A_INT:
 if (atomic_read(&ipc->irq1_apInt) == C2A_OFF) {
diff --git a/drivers/staging/nanohub/chub_ipc.c b/drivers/staging/nanohub/chub_ipc.c
index 6bcd4b45caf6..13c8f214199b 100644
--- a/drivers/staging/nanohub/chub_ipc.c
+++ b/drivers/staging/nanohub/chub_ipc.c
@@ -287,7 +287,7 @@ void *ipc_get_chub_map(void)
 ipc_map = ipc_addr[IPC_REG_IPC].base;
 ipc_map->logbuf.size = LOGBUF_TOTAL_SIZE;
- strcpy(&ipc_map->magic[0], CHUB_IPC_MAGIC);
+ strncpy(&ipc_map->magic[0], CHUB_IPC_MAGIC, sizeof(CHUB_IPC_MAGIC));
 ipc_addr[IPC_REG_IPC_EVT_A2C].base = &ipc_map->evt[IPC_EVT_A2C].data;
 ipc_addr[IPC_REG_IPC_EVT_A2C].offset = sizeof(struct ipc_evt);
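Review bot: `ipc_read_debug_event(AP)` is called twice in the IRQ_EVT_C2A_DEBUG case, once to choose `err` and once as the `dev_err` argument, so the logged debug value can differ from the one the decision was based on if the hub updates it in between. Reading it once, `int dbg = ipc_read_debug_event(AP);`, and using `dbg` in both places keeps the log reliable for later fault analysis (the return type is not visible here; the `%d` format suggests an int). Because this path runs on an interrupt the firmware can raise, `dev_err_ratelimited` would also keep a misbehaving hub from flooding the kernel log. handle_irq continues past the end of the hunk.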
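Review bot: The `strncpy` bound in ipc_get_chub_map is `sizeof(CHUB_IPC_MAGIC)`, the size of the source, so the call copies exactly the bytes `strcpy` did and still overruns `magic` if that array is ever smaller than the string. The limit should come from the destination, `strncpy(ipc_map->magic, CHUB_IPC_MAGIC, sizeof(ipc_map->magic));`, ideally paired with a compile-time assertion that the literal including its NUL fits. The declaration of `magic` is outside the hunk, so whether it currently fits cannot be confirmed from here. The next hunk of ipc_get_chub_map makes the same substitution for `sensormap.magic` with `sizeof(SENSORMAP_MAGIC)`.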
@@ -320,7 +320,7 @@ void *ipc_get_chub_map(void)
 if (!ipc_have_sensor_info(&ipc_map->sensormap)) {
 CSP_PRINTF_INFO("%s:ipc set sensormap and magic:%p\n", __func__, &ipc_map->sensormap);
 memset(&ipc_map->sensormap, 0, sizeof(struct sensor_map));
- strcpy(&ipc_map->sensormap.magic[0], SENSORMAP_MAGIC);
+ strncpy(&ipc_map->sensormap.magic[0], SENSORMAP_MAGIC, sizeof(SENSORMAP_MAGIC));
 }
 #endif
@@ -453,6 +453,10 @@ struct ipc_evt_buf *ipc_get_evt(enum ipc_evt_list evtq)
 }
 retry:
+ if (ipc_evt->ctrl.dq >= IPC_EVT_NUM) {
+ CSP_PRINTF_ERROR("%s:%s: invalid dq:%d\n", NAME_PREFIX, __func__, ipc_evt->ctrl.dq);
+ return NULL;
+ }
 /* only called by isr DISABLE_IRQ(); */
 if (!__ipc_evt_queue_empty(&ipc_evt->ctrl)) {
 cur_evt = &ipc_evt->data[ipc_evt->ctrl.dq];
@@ -532,6 +536,10 @@ int ipc_add_evt(enum ipc_evt_list evtq, enum irq_evt_chub evt)
 }
 retry:
+ if (ipc_evt->ctrl.eq >= IPC_EVT_NUM) {
+ CSP_PRINTF_ERROR("%s:%s: invalid eq:%d\n", NAME_PREFIX, __func__, ipc_evt->ctrl.eq);
+ return -EINVAL;
+ }
 DISABLE_IRQ(LOCK_ADD_EVT, &flag);
 if (!__ipc_evt_queue_full(&ipc_evt->ctrl)) {
 cur_evt = &ipc_evt->data[ipc_evt->ctrl.eq];
@@ -652,6 +660,10 @@ int ipc_write_data(enum ipc_data_list dir, void *tx, u16 length)
 if (length <= PACKET_SIZE_MAX) {
 retry:
+ if (ipc_data->eq >= IPC_CH_BUF_NUM) {
+ CSP_PRINTF_ERROR("%s:%s: invalid eq:%d\n", NAME_PREFIX, __func__, ipc_data->eq);
+ return -EINVAL;
+ }
 DISABLE_IRQ(LOCK_WT_DATA, &flag);
 if (!__ipc_queue_full(ipc_data)) {
@@ -713,6 +725,11 @@ void *ipc_read_data(enum ipc_data_list dir, u32 *len)
 DISABLE_IRQ(LOCK_RD_DATA, NULL);
 retry:
+ if (ipc_data->dq >= IPC_CH_BUF_NUM) {
+ CSP_PRINTF_ERROR("%s:%s: invalid dq:%d\n", NAME_PREFIX, __func__, ipc_data->dq);
+ ENABLE_IRQ(LOCK_RD_DATA, NULL);
+ return NULL;
+ }
 if (!__ipc_queue_empty(ipc_data)) {
 struct ipc_channel_buf *ipc;
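Review bot: In ipc_get_evt the new bound check reads `ipc_evt->ctrl.dq`, and the subscript `&ipc_evt->data[ipc_evt->ctrl.dq]` a few lines later reads it again, so the value that was validated is not necessarily the value that is used. If the control block sits in the IPC region that the hub firmware also writes, as the `ipc_map` setup suggests, the index should be loaded once into a local and that local used for the check, the log message and the subscript, e.g. `cur_evt = &ipc_evt->data[dq];`. The same pattern appears in the ipc_add_evt, ipc_write_data and ipc_read_data hunks, and in ipc_add_evt and ipc_write_data the check additionally runs before `DISABLE_IRQ`, outside the critical section. The ipc_logbuf_inbase hunk likewise validates `eq`/`dq` before `trylockTryTake`. All of these function bodies extend beyond their hunks, so the later uses of each index could not be checked in full.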
@@ -873,6 +890,8 @@ void *ipc_logbuf_inbase(bool force)
 struct logbuf_content *log;
 int index;
+ if (logbuf->eq >= LOGBUF_NUM || logbuf->dq >= LOGBUF_NUM)
+ return NULL;
 if (!trylockTryTake(&ipcLockLog)) return NULL;
 if (logbuf->full) /* logbuf is full overwirte */
@@ -1053,6 +1072,9 @@ retry:
 return 0;
 }
+#else
+#define ipc_logbuf_outprint(a) ((void)0, 0)
+#endif
 enum ipc_fw_loglevel ipc_logbuf_loglevel(enum ipc_fw_loglevel loglevel, int set) {
 if (ipc_map) {
@@ -1065,10 +1087,6 @@ enum ipc_fw_loglevel ipc_logbuf_loglevel(enum ipc_fw_loglevel loglevel, int set)
 return 0;
 }
-#else
-#define ipc_logbuf_outprint(a) ((void)0, 0)
-#define ipc_logbuf_loglevel(a, b) ((void)0)
-#endif
 void ipc_set_owner(enum ipc_owner owner, void *base, enum ipc_direction dir) {